Agent QA Gates

v1.2.0

Output validation gates for AI agent systems. Prevents hallucinated data, leaked internal context, wrong formats, duplicate sends, post-compaction drift, and...

by Don Zurbrick @zurbrick
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the provided assets: SKILL.md describes QA gate checklists and the repo contains a reference doc and a shell script that implements checks. The skill does not request unrelated credentials, binaries, or configuration paths.
Instruction Scope
SKILL.md limits itself to output-validation guidance and points to an automation script. The script operates on a provided file or stdin and looks for placeholders, secrets patterns, length/format issues, internal-context keywords, and basic code checks. It does not instruct the agent to read arbitrary system state, other skills' configs, or transmit data externally.
Install Mechanism
There is no install spec (instruction-only with a bundled script), which is low-risk. The included Bash script uses standard shell utilities (bash, grep, awk) and does not download code or reference external URLs.
Credentials
The skill declares no required environment variables or credentials. The script actively scans content for secret-like patterns (e.g., sk-..., AKIA..., ghp_...) but does not request or store any secrets itself.
Persistence & Privilege
The skill does not request persistent/always-on privileges (always:false), and it does not modify other skills or system-wide settings. Autonomous invocation is allowed by platform default but not elevated by this skill.
Assessment
This skill is internally consistent and appears safe to review/use, but take these precautions before installing or running it: (1) the qa-check.sh script reads whatever file or stdin you pass it — do not feed it sensitive files you don't want inspected or echoed; (2) the script looks for secret-like patterns and may produce false positives — verify flagged items manually; (3) it uses standard shell tools (bash, grep, awk) so run it in a controlled environment if you are uncertain; (4) the skill does not request credentials or network access, but avoid giving it broad file paths or automating it with elevated privileges until you’ve tested it on non-production data; (5) if you integrate it into autonomous agent pipelines, ensure gate behavior and blocking semantics match your operational safety policies.

Like a lobster shell, security has layers — review code before you run it.

latestvk9769nb690j49ndcwacrg61hgd83r4r3
