SR
SKILLRADAR
AI Security • Benchmarking • Index
Menu
Trust Report v1

release-openclaw-maintainer

Prepare or verify OpenClaw stable/beta releases, changelogs, release notes, publish commands, and artifacts.

Overall
57
Trust
17
Utility
88
Momentum
95

Install caution

High-risk behavior present

Risk: High

Source: OpenClaw Built-in Skills

Path: .agents/skills/release-openclaw-maintainer/SKILL.md

Review flags: browser/session access, credential or secret references, filesystem/home-directory access, network access or external URLs. These are review signals, not definitive security judgments; inspect before installing.

Required permissions

  • Environment variables / secrets
  • Shell commands
  • Network/API usage
  • Filesystem/home access
  • Browser/session access

Permissions are inferred from SKILL.md text only. They are review prompts, not guarantees about runtime behavior.

Risk flags explained

browser_or_session_accessmedium

Mentions browser automation, cookies, sessions, local storage, or browser state.

credential_or_secret_referencehigh

Mentions tokens, API keys, passwords, or private-key style environment variables.

filesystem_write_or_home_accessmedium

Mentions filesystem writes, deletes, home-directory paths, or config/key locations.

network_accessmedium

Mentions external URLs, network APIs, downloads, or HTTP client usage.

package_installmedium

Mentions package installation or dependency-fetching commands.

shell_commandmedium

Contains shell command snippets. Review commands before copy/paste or agent execution.

Score explanation

Trust

  • Trust starts at 90 before review-signal penalties and metadata bonuses.
  • Risk-signal penalty: -75 from 6 detected flag(s).
  • Metadata bonus: +2 from author/version/description fields.

Utility

  • Utility starts at 55 and rewards clear descriptions, runnable examples, and explicit setup needs.
  • Description present: yes.
  • Command examples detected: 25.
  • Environment variables detected: 5.

Momentum

  • Momentum starts at 45 and uses public repo activity signals.
  • Recent commit activity: latest repo update was 0 day(s) ago.
  • Recent commit volume: 100 commit(s) in the lookback window (+20).
  • Source has strong public adoption: 379781 stars.
  • Fork activity suggests reuse: 79500 forks.

Overall

  • Overall score weights trust 45%, utility 35%, and momentum 20%.

Detected signals

Env vars

  • ANTHROPIC_API_KEY
  • API
  • NPM_TOKEN
  • OPENAI_API_KEY
  • OPENCLAW_PUBLIC_REPO_RELEASE_TOKEN

Commands

  • by default; operators may target npm
  • $openclaw-changelog-update
  • , with npm dist-tag
  • .github/workflows/openclaw-npm-release.yml
  • .github/workflows/openclaw-release-publish.yml
  • : tagged releases only, published to npm
  • @openclaw/*
  • @openclaw/openclaw-release-managers
  • OPENCLAW_INSTALL_SMOKE_SKIP_NONROOT=1 pnpm test:install:smoke
  • gh api -X PATCH repos/openclaw/openclaw/releases/<id> -F body=@/tmp/notes.md
  • gh api repos/openclaw/openclaw/releases/<id>
  • gh api repos/openclaw/openclaw/releases/tags/vYYYY.M.PATCH --jq .id

URLs

  • https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml`,

Provenance & evidence

SkillRadar makes each review traceable back to the exact source path, source blob SHA, scanner version, and text-only policy that produced the report.

source
github.com/openclaw/openclaw@main
path
.agents/skills/release-openclaw-maintainer/SKILL.md
source blob SHA
1e16abe153e8bb5f190c04d8ef006356e4ded855
scanner version
0.3.0
security model
text_only_no_execute_no_install_no_secrets
scan policy
Fetched and scored as text only; no install, no execution, no runtime loading.

Evidence snippets

credential_or_secret_reference

…crets. - Parallels validation and any local live model QA for this train must use both `OPENAI_API_KEY` and `ANTHROPIC_API_KEY`. If either cannot be injected, stop before starting those loca…

filesystem_write_or_home_access

…ompatibility record whose `removeAfter` date is on or before the release date, either remove the compatibility path where safe and validate the affected tests, or write down why re…

package_install

…ning in parallel, publish npm from the successful npm preflight, then start published npm install/update, Docker, and Parallels verification while mac artifacts continue. - After a beta…

network_access

…ty, not for ordinary mac-only packaging recovery. - The production Sparkle feed lives at `https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml`, and the canonical published…

browser_or_session_access

…is absent or stale, use the local tmux + 1Password fallback: - Start or reuse a tmux session so interactive `npm login` and OTP prompts are observable and recoverable. - Hard r…

shell_command

…a train is `2026.6.6-beta.1`, even if automated alpha-only tags such as `2026.6.10-alpha.1` exist. - Ask permission before any npm publish or release step. - This skill should be sufficient to drive the normal release flow end-to-end. - Use the private mainta

Watch this skill

Get alerted when this skill adds credential requirements, shell commands, external domains, remote installer patterns, or risk-level changes.

Join watchlist beta

Methodology note

SkillRadar scans SKILL.md as hostile text only. It does not execute commands, install packages, or load third-party skills.

View source SKILL.mdBack to changesView sources