thecybercore

Generic Quality Gateways for Unattended Agent Development

Author: TCC · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 559
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install tcc-quality-gates
Description
Implements six universal, language-agnostic quality gates for APIs, web apps, and CI/CD pipelines using repository-configured checks and detailed reports.
Security usage advice
This instruction-only skill appears coherent for repository quality gating, but review these points before installing:
- It will read repository files, CI artifacts, and git history to collect evidence—run it only on repositories you trust or in a sandbox/copy if you have sensitive data.
- It will create report and evidence files inside the repository (default paths under docs/quality and .tmp). Ensure the agent does not have unwanted push/commit permissions if you don't want persistent changes.
- Because the skill performs secret-detection and scans, it may surface file paths or fingerprints of sensitive files; do not assume it will redact everything—validate outputs.
- Inspect and, if needed, customize the .defs/quality-gateway-definition.json template to set thresholds and blocking behavior appropriate to your org before use.
- If you require stronger assurance, run the skill against a cloned repository in an isolated environment and review generated reports and any agent actions before granting broader access.
Functional analysis
Type: OpenClaw Skill
Name: tcc-quality-gates
Version: 1.0.0
The skill instructs the AI agent to collect metrics, explicitly mentioning the use of "local commands (if allowed by runtime)" in SKILL.md. While this capability is necessary for a quality gate skill that needs to run analysis tools, it represents a significant security risk (potential RCE vulnerability) if the agent's execution environment is not adequately sandboxed or if the agent can be prompted to execute arbitrary commands from untrusted inputs. The skill itself does not contain instructions for malicious actions like data exfiltration or persistence, but it exposes a powerful primitive that could be exploited.
Capability assessment
Purpose & Capability
Name/description (generic quality gates for repos/CI) align with the actual requirements: the skill is instruction-only, operates on repository files and optional CI artifacts, and uses a repository-stored JSON config (.defs/quality-gateway-definition.json). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to read repo contents, CI artifacts, test/coverage/vulnerability reports, and git history and to write report and evidence files into repo paths. This is expected for the stated purpose, but it does mean the agent will access potentially sensitive repository data (including history and artifact files) and will create files in the repository. Confirm that you want scans on full repo history and that report-writing behavior is acceptable.
Install Mechanism
No install spec and no code files requiring runtime installation. Instruction-only skills are lowest-risk from an install perspective because nothing is downloaded or executed from external URLs by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or system config paths. The inputs described (REPO_ROOT, optional CI artifact path, commit range) are proportional to its stated function. There are no unexplained requests for tokens, keys, or external service credentials.
Persistence & Privilege
always:false and model-invocation defaults are normal. The skill requires writing reports and evidence into repository paths (temp and docs directories). Writing into the repository is within scope but is persistent and could modify repo state; verify agent permissions and whether the agent will commit/push those files.
How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install tcc-quality-gates
  3. Once installed, invoke the Skill by name or trigger it with /tcc-quality-gates
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.0.0
Initial release of tcc-quality-gates skill.
- Defines 6 universal quality gateways for API and web applications (build health, automated testing, security, performance, maintainability, release readiness).
- Language-agnostic; works with any repository and CI provider.
- Uses a central JSON configuration: .defs/quality-gateway-definition.json.
- Outputs both human-readable (Markdown) and machine-readable (JSON) reports, plus references to supporting evidence.
- Enforces clear storage and reporting conventions for all outputs and temporary files.
Metadata
Slug tcc-quality-gates
Version 1.0.0
License
Total installs 1
Current installs 1
Historical versions 1
FAQ

What is Generic Quality Gateways for Unattended Agent Development?

Implements six universal, language-agnostic quality gates for APIs, web apps, and CI/CD pipelines using repository-configured checks and detailed reports. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 559 total downloads to date.

How do I install Generic Quality Gateways for Unattended Agent Development?

Run the command "/install tcc-quality-gates" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is required.

Is Generic Quality Gateways for Unattended Agent Development free?

Yes, Generic Quality Gateways for Unattended Agent Development is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Generic Quality Gateways for Unattended Agent Development support?

Generic Quality Gateways for Unattended Agent Development runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Generic Quality Gateways for Unattended Agent Development?

Developed and maintained by TCC (@thecybercore); the current version is v1.0.0.
