← Back to Skills Marketplace
guifav

Qa Gate Gcp

by Guilherme Favaron · GitHub ↗ · v0.1.1 · MIT-0
cross-platform ⚠ suspicious
418
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install qa-gate-gcp
Description
Pre-production validation gate for GCP stack (Cloud Run/Functions/App Engine, Firestore/Cloud SQL, Firebase Auth/Identity Platform) — generates test plans, e...
Usage Guidance
Things to check before installing or running this skill: - Reconcile metadata: ask the author to fix the inconsistent registry fields (top-level 'required env vars/binaries' vs claw.json). - Treat GOOGLE_APPLICATION_CREDENTIALS as sensitive: run the skill with a least-privilege service account (avoid owner/editor) and consider using a read-only auditing account. - Treat OPENROUTER_API_KEY as high-risk for data exposure: confirm whether LLM-as-judge sends raw source, secrets, or credentials to the external endpoint; request explicit redaction rules or allow LLM evaluation to be disabled. - Inspect generated scripts before execution (they are created by the skill): ensure they do not leak secrets or upload entire repo contents to external services. - Prefer running the skill in an isolated environment (ephemeral VM/container) without access to production secrets, or run a dry-run that generates the plan but does not execute external calls. - If you must provide GOOGLE_APPLICATION_CREDENTIALS, create a narrowly privileged service account and rotate/delete the key after use. - Ask the author to document which data is sent to external LLMs and to make OPENROUTER usage optional. If the author cannot clarify or refuses, treat the skill as higher risk and avoid providing real credentials.
Capability Analysis
Type: OpenClaw Skill Name: qa-gate-gcp Version: 0.1.1 The skill acts as a QA automation engine that generates and executes Bash and TypeScript scripts to validate GCP infrastructure and application logic. While the instructions in SKILL.md include safety guidelines (e.g., read-only gcloud commands, no .env access), the core functionality of executing generated shell scripts based on discovered project metadata (like service names or file paths) creates a high risk for command injection. Furthermore, the 'LLM-as-judge' feature in SKILL.md sends application content to an external endpoint (openrouter.ai), which is a functional requirement but constitutes a sensitive data flow.
Capability Assessment
Purpose & Capability
The skill claims to be a GCP pre-production validation gate, which legitimately needs GCP project/region info and gcloud. However registry metadata at the top lists no required env/binaries while claw.json declares required binaries (node, npx, git, gcloud) and env vars (OPENROUTER_API_KEY, GCP_PROJECT_ID, GCP_REGION, GOOGLE_APPLICATION_CREDENTIALS). This inconsistency in declared requirements is unexplained and confusing to a user evaluating needed privileges.
Instruction Scope
SKILL.md instructs scanning the repository (package.json, source files), generating validation scripts, and performing LLM-as-judge evaluations. It promises not to read/modify .env or credential files directly, but also says generated code will read env vars and may call external LLMs. The instructions do not clearly limit what content is sent to the external LLM (OPENROUTER), so sensitive repository contents or infra details could be transmitted without explicit redaction rules.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute from a remote URL — lowest install risk. It does declare required binaries in claw.json, which is reasonable for the described tasks (node, git, gcloud).
Credentials
Requesting GCP_PROJECT_ID, GCP_REGION and GOOGLE_APPLICATION_CREDENTIALS is proportionate to inspecting GCP infra, but these are highly sensitive (service account credentials). OPENROUTER_API_KEY is also requested for LLM evaluations; using an external LLM for judging outputs is plausible but not essential for infra checks and increases risk of exfiltration. The metadata does not make clear whether OPENROUTER use is optional or how data is redacted before being sent.
Persistence & Privilege
The skill requires filesystem and network permissions (declared in claw.json) so it can scan the repo and call external services and writes reports (e.g., qa-reports/test-plan.json). always:false (normal). No indications it modifies other skills or requires permanent platform-level privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install qa-gate-gcp
  3. After installation, invoke the skill by name or use /qa-gate-gcp
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
qa-gate-gcp 0.1.1 - Added a new CHANGELOG.md file to document changes. - Updated claw.json with minor adjustments. - No user-facing features or protocol changes introduced in this version.
v0.1.0
qa-gate-gcp v0.1.0 – Initial release - Introduces a comprehensive pre-production validation gate for Google Cloud Platform stacks (Cloud Run/Functions/App Engine, Firestore/Cloud SQL, Firebase Auth/Identity Platform). - Generates detailed, structured test plans covering API endpoints, server actions, UI pages, toast notifications, authentication flows, LLM-powered features, and GCP infrastructure. - Executes automated validations, including API contract checks, UI/UX flow validation, toast behavior, LLM quality (rule-based and LLM-as-judge), and infrastructure health inspections. - Produces structured go/no-go reports to support confident production releases. - Requires all test activities to follow a strict, multi-step planning protocol before validation begins.
Metadata
Slug qa-gate-gcp
Version 0.1.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Qa Gate Gcp?

Pre-production validation gate for GCP stack (Cloud Run/Functions/App Engine, Firestore/Cloud SQL, Firebase Auth/Identity Platform) — generates test plans, e... It is an AI Agent Skill for Claude Code / OpenClaw, with 418 downloads so far.

How do I install Qa Gate Gcp?

Run "/install qa-gate-gcp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Qa Gate Gcp free?

Yes, Qa Gate Gcp is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Qa Gate Gcp support?

Qa Gate Gcp is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Qa Gate Gcp?

It is built and maintained by Guilherme Favaron (@guifav); the current version is v0.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 Comments