← 返回 Skills 市场
guifav

Qa Gate Vercel

作者 Guilherme Favaron · GitHub ↗ · v0.1.1 · MIT-0
cross-platform ⚠ suspicious
438
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install qa-gate-vercel
功能描述
Pre-production validation gate for Vercel/Supabase/Firebase stack — generates test plans, executes test suites, validates APIs, UI, toasts, LLM output qualit...
安全使用建议
This skill appears to do what it says (generate plans and run tests for a Vercel/Supabase/Firebase app), but there are mismatches you should resolve and safety steps you should take before using it: - Verify which environment variables are actually required. claw.json lists OPENROUTER_API_KEY, SUPABASE_URL, SUPABASE_ANON_KEY, VERCEL_TOKEN, but the registry metadata shows none — ask the author to reconcile and document all env vars. Expect additional vars like TEST_AUTH_TOKEN and VALIDATION_BASE_URL used by generated tests. - Do not provide production tokens. Create scoped, short-lived, or read-only test credentials for Supabase and Vercel and a dedicated OpenRouter/LLM key with limited quota for judge runs. - Inspect generated test files and the test-plan JSON before executing them. The skill will generate and then run tests that execute code from your repository; review for any unexpected shell commands or network calls. - Run first in an isolated environment (CI job, container, or throwaway branch) so tests cannot affect production resources or leak secrets from the machine. - If you need stricter controls, request the author to declare all env vars in SKILL.md/claw.json and add an option to only generate tests (no execution) so you can run them manually after review. Given the inconsistencies and the potential to run arbitrary project code, treat this skill as moderately risky until the above clarifications and mitigations are in place.
功能分析
Type: OpenClaw Skill Name: qa-gate-vercel Version: 0.1.1 The skill implements a comprehensive QA automation pipeline that generates and executes dynamic TypeScript code via 'npx vitest' and 'npx playwright' (SKILL.md). It requires high-privilege credentials, including VERCEL_TOKEN and SUPABASE_ANON_KEY, to perform infrastructure checks and API validations. While the logic is consistent with its stated purpose as a pre-production gate, the pattern of generating and executing code that has access to administrative tokens represents a significant attack surface and high-risk operational behavior.
能力评估
Purpose & Capability
The declared purpose (generate test plans, run API/UI/LLM checks against a Vercel/Supabase/Firebase stack) is coherent with the env vars and actions described in SKILL.md (VERCEL_TOKEN, SUPABASE_* and an LLM key). However registry metadata at the top of the package lists no required env/binaries while claw.json declares node/npx/git and OPENROUTER_API_KEY, SUPABASE_URL, SUPABASE_ANON_KEY, VERCEL_TOKEN — this mismatch is an incoherence that should be resolved before trust.
Instruction Scope
SKILL.md explicitly instructs scanning project files (package.json, src/app/**, supabase/migrations, etc.), generating test scripts under qa-tests/, and executing them. Generated tests use process.env (e.g., TEST_AUTH_TOKEN, VALIDATION_BASE_URL) and will perform network calls against the target app and external LLM judge. Although SKILL.md claims it 'never reads .env/.env.local or credential files directly', generated code references process.env and the skill will read repository files — this could unintentionally surface secrets or execute repository code. The instructions also run tests (execute pipeline) which may run arbitrary project scripts; that has operational risk and requires review.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute on install, which is low-risk from an install vector perspective.
Credentials
The env vars referenced (OPENROUTER_API_KEY, SUPABASE_URL, SUPABASE_ANON_KEY, VERCEL_TOKEN) are plausible for the stated purpose. But: (1) the top-level registry metadata reports no required env vars while claw.json lists several — an inconsistency; (2) SKILL.md-generated tests also expect TEST_AUTH_TOKEN and VALIDATION_BASE_URL (and other process.env reads) that are not declared in the registry metadata, so users may be asked to provide additional secrets unexpectedly; and (3) SUPABASE_ANON_KEY and VERCEL_TOKEN are sensitive and should be scoped to test accounts. These factors make the environment/credential requirements disproportionate without further clarification.
Persistence & Privilege
always:false and no install-time persistence are appropriate. The skill will create files (test plan, tests, reports) in the workspace and execute them — that's expected for a QA tool and does not require special persistent privileges beyond filesystem/network for the workspace. Still, executing repository tests is effectively granting it permission to run arbitrary project code, so exercise operational caution.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install qa-gate-vercel
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /qa-gate-vercel 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
qa-gate-vercel v0.1.1 - Added a new CHANGELOG.md file. - Updated claw.json for improved configuration or metadata. - No changes to the core QA orchestration flow or validation protocols.
v0.1.0
Initial release of qa-gate-vercel: Pre-production validation suite for Vercel/Supabase/Firebase stacks. - Generates comprehensive test plans covering APIs, UI, toast notifications, auth flows, LLM output, and database integrity. - Creates and executes validation scripts for detected API routes, server actions, and UI pages based on the project structure. - Assesses LLM-powered features for output quality using rule-based and LLM-as-judge approaches. - Produces structured go/no-go reports after running the validation pipeline. - Operates as a final QA gate before production deployment; does not handle unit tests or credentials directly.
元数据
Slug qa-gate-vercel
版本 0.1.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Qa Gate Vercel 是什么?

Pre-production validation gate for Vercel/Supabase/Firebase stack — generates test plans, executes test suites, validates APIs, UI, toasts, LLM output qualit... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 438 次。

如何安装 Qa Gate Vercel?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install qa-gate-vercel」即可一键安装,无需额外配置。

Qa Gate Vercel 是免费的吗?

是的,Qa Gate Vercel 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Qa Gate Vercel 支持哪些平台?

Qa Gate Vercel 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Qa Gate Vercel?

由 Guilherme Favaron(@guifav)开发并维护,当前版本 v0.1.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论