thecybercore

Generic Quality Gateways for Unattended Agent Development

by TCC · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 559
Stars: 0
Active Installs: 1
Versions: 1
Install in OpenClaw
/install tcc-quality-gates
Description
Implements six universal, language-agnostic quality gates for APIs, web apps, and CI/CD pipelines using repository-configured checks and detailed reports.
Usage Guidance
This instruction-only skill appears coherent for repository quality gating, but review these points before installing:
- It will read repository files, CI artifacts, and git history to collect evidence—run it only on repositories you trust or in a sandbox/copy if you have sensitive data.
- It will create report and evidence files inside the repository (default paths under docs/quality and .tmp). Ensure the agent does not have unwanted push/commit permissions if you don't want persistent changes.
- Because the skill performs secret-detection and scans, it may surface file paths or fingerprints of sensitive files; do not assume it will redact everything—validate outputs.
- Inspect and, if needed, customize the .defs/quality-gateway-definition.json template to set thresholds and blocking behavior appropriate to your org before use.
- If you require stronger assurance, run the skill against a cloned repository in an isolated environment and review generated reports and any agent actions before granting broader access.
Capability Analysis
Type: OpenClaw Skill
Name: tcc-quality-gates
Version: 1.0.0
The skill instructs the AI agent to collect metrics, explicitly mentioning the use of "local commands (if allowed by runtime)" in SKILL.md. While this capability is necessary for a quality gate skill that needs to run analysis tools, it represents a significant security risk (potential RCE vulnerability) if the agent's execution environment is not adequately sandboxed or if the agent can be prompted to execute arbitrary commands from untrusted inputs. The skill itself does not contain instructions for malicious actions like data exfiltration or persistence, but it exposes a powerful primitive that could be exploited.
Capability Assessment
Purpose & Capability
Name/description (generic quality gates for repos/CI) align with the actual requirements: the skill is instruction-only, operates on repository files and optional CI artifacts, and uses a repository-stored JSON config (.defs/quality-gateway-definition.json). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to read repo contents, CI artifacts, test/coverage/vulnerability reports, and git history and to write report and evidence files into repo paths. This is expected for the stated purpose, but it does mean the agent will access potentially sensitive repository data (including history and artifact files) and will create files in the repository. Confirm that you want scans on full repo history and that report-writing behavior is acceptable.
Install Mechanism
No install spec and no code files requiring runtime installation. Instruction-only skills are lowest-risk from an install perspective because nothing is downloaded or executed from external URLs by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or system config paths. The inputs described (REPO_ROOT, optional CI artifact path, commit range) are proportional to its stated function. There are no unexplained requests for tokens, keys, or external service credentials.
Persistence & Privilege
always:false and model-invocation defaults are normal. The skill requires writing reports and evidence into repository paths (temp and docs directories). Writing into the repository is within scope but is persistent and could modify repo state; verify agent permissions and whether the agent will commit/push those files.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tcc-quality-gates
  3. After installation, invoke the skill by name or use /tcc-quality-gates
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of tcc-quality-gates skill.
- Defines 6 universal quality gateways for API and web applications (build health, automated testing, security, performance, maintainability, release readiness).
- Language-agnostic; works with any repository and CI provider.
- Uses a central JSON configuration: .defs/quality-gateway-definition.json.
- Outputs both human-readable (Markdown) and machine-readable (JSON) reports, plus references to supporting evidence.
- Enforces clear storage and reporting conventions for all outputs and temporary files.
Metadata
Slug tcc-quality-gates
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Generic Quality Gateways for Unattended Agent Development?

Implements six universal, language-agnostic quality gates for APIs, web apps, and CI/CD pipelines using repository-configured checks and detailed reports. It is an AI Agent Skill for Claude Code / OpenClaw, with 559 downloads so far.

How do I install Generic Quality Gateways for Unattended Agent Development?

Run "/install tcc-quality-gates" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Generic Quality Gateways for Unattended Agent Development free?

Yes, Generic Quality Gateways for Unattended Agent Development is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Generic Quality Gateways for Unattended Agent Development support?

Generic Quality Gateways for Unattended Agent Development is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Generic Quality Gateways for Unattended Agent Development?

It is built and maintained by TCC (@thecybercore); the current version is v1.0.0.
