← 返回 Skills 市场
Qa Gate Gcp
作者
Guilherme Favaron
· GitHub ↗
· v0.1.1
· MIT-0
418
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install qa-gate-gcp
功能描述
Pre-production validation gate for GCP stack (Cloud Run/Functions/App Engine, Firestore/Cloud SQL, Firebase Auth/Identity Platform) — generates test plans, e...
安全使用建议
Things to check before installing or running this skill:
- Reconcile metadata: ask the author to fix the inconsistent registry fields (top-level 'required env vars/binaries' vs claw.json).
- Treat GOOGLE_APPLICATION_CREDENTIALS as sensitive: run the skill with a least-privilege service account (avoid owner/editor) and consider using a read-only auditing account.
- Treat OPENROUTER_API_KEY as high-risk for data exposure: confirm whether LLM-as-judge sends raw source, secrets, or credentials to the external endpoint; request explicit redaction rules or allow LLM evaluation to be disabled.
- Inspect generated scripts before execution (they are created by the skill): ensure they do not leak secrets or upload entire repo contents to external services.
- Prefer running the skill in an isolated environment (ephemeral VM/container) without access to production secrets, or run a dry-run that generates the plan but does not execute external calls.
- If you must provide GOOGLE_APPLICATION_CREDENTIALS, create a narrowly privileged service account and rotate/delete the key after use.
- Ask the author to document which data is sent to external LLMs and to make OPENROUTER usage optional. If the author cannot clarify or refuses, treat the skill as higher risk and avoid providing real credentials.
功能分析
Type: OpenClaw Skill
Name: qa-gate-gcp
Version: 0.1.1
The skill acts as a QA automation engine that generates and executes Bash and TypeScript scripts to validate GCP infrastructure and application logic. While the instructions in SKILL.md include safety guidelines (e.g., read-only gcloud commands, no .env access), the core functionality of executing generated shell scripts based on discovered project metadata (like service names or file paths) creates a high risk for command injection. Furthermore, the 'LLM-as-judge' feature in SKILL.md sends application content to an external endpoint (openrouter.ai), which is a functional requirement but constitutes a sensitive data flow.
能力评估
Purpose & Capability
The skill claims to be a GCP pre-production validation gate, which legitimately needs GCP project/region info and gcloud. However registry metadata at the top lists no required env/binaries while claw.json declares required binaries (node, npx, git, gcloud) and env vars (OPENROUTER_API_KEY, GCP_PROJECT_ID, GCP_REGION, GOOGLE_APPLICATION_CREDENTIALS). This inconsistency in declared requirements is unexplained and confusing to a user evaluating needed privileges.
Instruction Scope
SKILL.md instructs scanning the repository (package.json, source files), generating validation scripts, and performing LLM-as-judge evaluations. It promises not to read/modify .env or credential files directly, but also says generated code will read env vars and may call external LLMs. The instructions do not clearly limit what content is sent to the external LLM (OPENROUTER), so sensitive repository contents or infra details could be transmitted without explicit redaction rules.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute from a remote URL — lowest install risk. It does declare required binaries in claw.json, which is reasonable for the described tasks (node, git, gcloud).
Credentials
Requesting GCP_PROJECT_ID, GCP_REGION and GOOGLE_APPLICATION_CREDENTIALS is proportionate to inspecting GCP infra, but these are highly sensitive (service account credentials). OPENROUTER_API_KEY is also requested for LLM evaluations; using an external LLM for judging outputs is plausible but not essential for infra checks and increases risk of exfiltration. The metadata does not make clear whether OPENROUTER use is optional or how data is redacted before being sent.
Persistence & Privilege
The skill requires filesystem and network permissions (declared in claw.json) so it can scan the repo and call external services and writes reports (e.g., qa-reports/test-plan.json). always:false (normal). No indications it modifies other skills or requires permanent platform-level privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install qa-gate-gcp - 安装完成后,直接呼叫该 Skill 的名称或使用
/qa-gate-gcp触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
qa-gate-gcp 0.1.1
- Added a new CHANGELOG.md file to document changes.
- Updated claw.json with minor adjustments.
- No user-facing features or protocol changes introduced in this version.
v0.1.0
qa-gate-gcp v0.1.0 – Initial release
- Introduces a comprehensive pre-production validation gate for Google Cloud Platform stacks (Cloud Run/Functions/App Engine, Firestore/Cloud SQL, Firebase Auth/Identity Platform).
- Generates detailed, structured test plans covering API endpoints, server actions, UI pages, toast notifications, authentication flows, LLM-powered features, and GCP infrastructure.
- Executes automated validations, including API contract checks, UI/UX flow validation, toast behavior, LLM quality (rule-based and LLM-as-judge), and infrastructure health inspections.
- Produces structured go/no-go reports to support confident production releases.
- Requires all test activities to follow a strict, multi-step planning protocol before validation begins.
元数据
常见问题
Qa Gate Gcp 是什么?
Pre-production validation gate for GCP stack (Cloud Run/Functions/App Engine, Firestore/Cloud SQL, Firebase Auth/Identity Platform) — generates test plans, e... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 418 次。
如何安装 Qa Gate Gcp?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install qa-gate-gcp」即可一键安装,无需额外配置。
Qa Gate Gcp 是免费的吗?
是的,Qa Gate Gcp 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Qa Gate Gcp 支持哪些平台?
Qa Gate Gcp 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Qa Gate Gcp?
由 Guilherme Favaron(@guifav)开发并维护,当前版本 v0.1.1。
推荐 Skills