← Back to Skills Marketplace
guifav

Preflight Check

by Guilherme Favaron · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
103
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install preflight-check
Description
Pre-flight environment validator — checks that all required binaries, environment variables, and services are available before running other skills
Usage Guidance
This skill appears to do what it says (preflight checks) but there are important mismatches and privacy risks you should consider before installing or running it: - Metadata mismatch: The skill's metadata declares no required env vars, yet the instructions read many sensitive variables (service tokens, private keys, GOOGLE_APPLICATION_CREDENTIALS). Ask the author to declare all env vars and explain why each is needed. - Secret handling: The SKILL.md prints fragments of sensitive values and writes a JSON report to disk. Ensure reports never include full secrets, are stored in a secure location, and are not sent to external endpoints. Prefer presence checks (test -n, test -f) instead of echoing secret contents. - Permissions: claw.json requests filesystem and network access. If you allow this skill, restrict it to user-invoked runs (disable autonomous invocation) or run it in an isolated/local environment to avoid accidental exfiltration. - Operational controls: If you still want to use it, require the author to: 1) Update metadata to list the env vars/binaries it will access. 2) Remove or redact any printing of secret values (do not include private key fragments in reports). 3) Make network checks explicit and optional, and document any external endpoints contacted. 4) Provide a signed/known source or package release (currently source/homepage are unclear). If you cannot get those assurances, run this skill only in a controlled environment (throwaway project or ephemeral container) and inspect the generated report before sharing it.
Capability Analysis
Type: OpenClaw Skill Name: preflight-check Version: 0.1.0 The skill is designed for environment validation but contains instructions in SKILL.md that risk exposing highly sensitive credentials. It directs the agent to read and output environment variables such as SUPABASE_SERVICE_ROLE_KEY and FIREBASE_PRIVATE_KEY into a diagnostic report. While some tokens are partially masked using 'head', others are echoed in full, which could lead to accidental credential leakage in logs or the generated 'preflight-report.json' file.
Capability Assessment
Purpose & Capability
The skill name/description (preflight environment validator) is consistent with the checks described in SKILL.md. However, the package metadata (claw.json) declares no required env vars or binaries while the SKILL.md explicitly defines many environment variables and binaries to check (Vercel/Supabase/GCP/Firebase/Cloudflare tokens, GOOGLE_APPLICATION_CREDENTIALS path, node/git/gh/gcloud/docker/etc.). The metadata/requirements and the runtime instructions are not synchronized — the skill will attempt to read values and test tools that are not declared up front.
Instruction Scope
The SKILL.md instructs the agent to run commands that will read environment variables and file paths including sensitive items (e.g., FIREBASE_PRIVATE_KEY, VERcEL_TOKEN, CLOUDFLARE_API_TOKEN, GOOGLE_APPLICATION_CREDENTIALS). It uses echo and head -c to display portions of secrets and writes a JSON report (preflight-report.json). Although verifying presence is reasonable, the instructions explicitly print secret fragments and store results — increasing risk of accidental exposure or exfiltration if the report or logs are transmitted elsewhere.
Install Mechanism
Instruction-only skill with no install spec and no code files; low installation risk since nothing is downloaded or extracted. No install mechanism concerns were found.
Credentials
The SKILL.md checks many sensitive environment variables and a credentials file path but the metadata's requires.env is empty and primary credential is none. Sensitive items (private key, API tokens, GOOGLE_APPLICATION_CREDENTIALS) are accessed directly. Requiring or reading such secrets is proportional to a preflight validator only if it is explicit in metadata and the checks avoid printing/storing secrets — neither is true here.
Persistence & Privilege
claw.json requests filesystem and network permissions and the skill writes preflight-report.json to the project root. Network permissions plus reading sensitive env vars increase the blast radius if the agent is allowed to invoke the skill autonomously or if the report is transmitted off-host. The skill is not marked always:true, but autonomous invocation is allowed by default; combined with the above, this is risky unless restricted.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install preflight-check
  3. After installation, invoke the skill by name or use /preflight-check
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
- Initial release of the preflight-check skill: a pre-flight environment validator for development environments. - Checks for required binaries, environment variables, and service connectivity for Vercel/Supabase, GCP, and cross-stack skills. - Produces a structured diagnostic report (JSON and human-readable) with pass/fail, recommendations, and detailed fix instructions. - Blocks or enables specific skills based on environment readiness. - Optionally performs service connectivity tests for Supabase, Vercel, Cloudflare, and GCP. - Report is saved as preflight-report.json and summarized for user clarity.
Metadata
Slug preflight-check
Version 0.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Preflight Check?

Pre-flight environment validator — checks that all required binaries, environment variables, and services are available before running other skills. It is an AI Agent Skill for Claude Code / OpenClaw, with 103 downloads so far.

How do I install Preflight Check?

Run "/install preflight-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Preflight Check free?

Yes, Preflight Check is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Preflight Check support?

Preflight Check is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Preflight Check?

It is built and maintained by Guilherme Favaron (@guifav); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments