← Back to Skills Marketplace
guifav

Qa Gate Vercel

by Guilherme Favaron · GitHub ↗ · v0.1.1 · MIT-0
cross-platform ⚠ suspicious
438
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install qa-gate-vercel
Description
Pre-production validation gate for Vercel/Supabase/Firebase stack — generates test plans, executes test suites, validates APIs, UI, toasts, LLM output qualit...
Usage Guidance
This skill appears to do what it says (generate plans and run tests for a Vercel/Supabase/Firebase app), but there are mismatches you should resolve and safety steps you should take before using it: - Verify which environment variables are actually required. claw.json lists OPENROUTER_API_KEY, SUPABASE_URL, SUPABASE_ANON_KEY, VERCEL_TOKEN, but the registry metadata shows none — ask the author to reconcile and document all env vars. Expect additional vars like TEST_AUTH_TOKEN and VALIDATION_BASE_URL used by generated tests. - Do not provide production tokens. Create scoped, short-lived, or read-only test credentials for Supabase and Vercel and a dedicated OpenRouter/LLM key with limited quota for judge runs. - Inspect generated test files and the test-plan JSON before executing them. The skill will generate and then run tests that execute code from your repository; review for any unexpected shell commands or network calls. - Run first in an isolated environment (CI job, container, or throwaway branch) so tests cannot affect production resources or leak secrets from the machine. - If you need stricter controls, request the author to declare all env vars in SKILL.md/claw.json and add an option to only generate tests (no execution) so you can run them manually after review. Given the inconsistencies and the potential to run arbitrary project code, treat this skill as moderately risky until the above clarifications and mitigations are in place.
Capability Analysis
Type: OpenClaw Skill Name: qa-gate-vercel Version: 0.1.1 The skill implements a comprehensive QA automation pipeline that generates and executes dynamic TypeScript code via 'npx vitest' and 'npx playwright' (SKILL.md). It requires high-privilege credentials, including VERCEL_TOKEN and SUPABASE_ANON_KEY, to perform infrastructure checks and API validations. While the logic is consistent with its stated purpose as a pre-production gate, the pattern of generating and executing code that has access to administrative tokens represents a significant attack surface and high-risk operational behavior.
Capability Assessment
Purpose & Capability
The declared purpose (generate test plans, run API/UI/LLM checks against a Vercel/Supabase/Firebase stack) is coherent with the env vars and actions described in SKILL.md (VERCEL_TOKEN, SUPABASE_* and an LLM key). However registry metadata at the top of the package lists no required env/binaries while claw.json declares node/npx/git and OPENROUTER_API_KEY, SUPABASE_URL, SUPABASE_ANON_KEY, VERCEL_TOKEN — this mismatch is an incoherence that should be resolved before trust.
Instruction Scope
SKILL.md explicitly instructs scanning project files (package.json, src/app/**, supabase/migrations, etc.), generating test scripts under qa-tests/, and executing them. Generated tests use process.env (e.g., TEST_AUTH_TOKEN, VALIDATION_BASE_URL) and will perform network calls against the target app and external LLM judge. Although SKILL.md claims it 'never reads .env/.env.local or credential files directly', generated code references process.env and the skill will read repository files — this could unintentionally surface secrets or execute repository code. The instructions also run tests (execute pipeline) which may run arbitrary project scripts; that has operational risk and requires review.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute on install, which is low-risk from an install vector perspective.
Credentials
The env vars referenced (OPENROUTER_API_KEY, SUPABASE_URL, SUPABASE_ANON_KEY, VERCEL_TOKEN) are plausible for the stated purpose. But: (1) the top-level registry metadata reports no required env vars while claw.json lists several — an inconsistency; (2) SKILL.md-generated tests also expect TEST_AUTH_TOKEN and VALIDATION_BASE_URL (and other process.env reads) that are not declared in the registry metadata, so users may be asked to provide additional secrets unexpectedly; and (3) SUPABASE_ANON_KEY and VERCEL_TOKEN are sensitive and should be scoped to test accounts. These factors make the environment/credential requirements disproportionate without further clarification.
Persistence & Privilege
always:false and no install-time persistence are appropriate. The skill will create files (test plan, tests, reports) in the workspace and execute them — that's expected for a QA tool and does not require special persistent privileges beyond filesystem/network for the workspace. Still, executing repository tests is effectively granting it permission to run arbitrary project code, so exercise operational caution.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install qa-gate-vercel
  3. After installation, invoke the skill by name or use /qa-gate-vercel
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
qa-gate-vercel v0.1.1 - Added a new CHANGELOG.md file. - Updated claw.json for improved configuration or metadata. - No changes to the core QA orchestration flow or validation protocols.
v0.1.0
Initial release of qa-gate-vercel: Pre-production validation suite for Vercel/Supabase/Firebase stacks. - Generates comprehensive test plans covering APIs, UI, toast notifications, auth flows, LLM output, and database integrity. - Creates and executes validation scripts for detected API routes, server actions, and UI pages based on the project structure. - Assesses LLM-powered features for output quality using rule-based and LLM-as-judge approaches. - Produces structured go/no-go reports after running the validation pipeline. - Operates as a final QA gate before production deployment; does not handle unit tests or credentials directly.
Metadata
Slug qa-gate-vercel
Version 0.1.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Qa Gate Vercel?

Pre-production validation gate for Vercel/Supabase/Firebase stack — generates test plans, executes test suites, validates APIs, UI, toasts, LLM output qualit... It is an AI Agent Skill for Claude Code / OpenClaw, with 438 downloads so far.

How do I install Qa Gate Vercel?

Run "/install qa-gate-vercel" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Qa Gate Vercel free?

Yes, Qa Gate Vercel is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Qa Gate Vercel support?

Qa Gate Vercel is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Qa Gate Vercel?

It is built and maintained by Guilherme Favaron (@guifav); the current version is v0.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments