openclaw-release-maintainer
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform standard development tasks using commands like pnpm, npm, git, and docker. These are used for building the project, running test suites, and managing the release lifecycle.
- [CREDENTIALS_UNSAFE]: The instructions involve the use of sensitive API keys (OpenAI, Anthropic) and publication tokens (NPM_TOKEN). The skill correctly manages these by sourcing them from the local shell profile (~/.profile) or 1Password, and it provides explicit guidance to the agent to avoid printing or exposing these secrets in the session output.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to publish code to NPM and interact with GitHub for release management. These are legitimate interactions with well-known services essential for the skill's primary function.
- [SAFE]: The skill implements safety guardrails, such as mandatory operator approval for version changes and publication steps, and instructs the agent to maintain security boundaries when handling secrets.
Audit Metadata