← Back to Skills Marketplace
rogue-agent1

Github Release Watcher

by rogue-agent1 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
110
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install github-release-watcher
Description
Monitor specified GitHub repositories for new releases and receive notifications of newly detected tags.
README (SKILL.md)

GitHub Release Watcher

Monitor GitHub repositories for new releases and get notified.

Setup

  1. Requires gh CLI (GitHub CLI), authenticated
  2. Edit repos.txt — one owner/repo per line, # for comments

Usage

# Check all repos for new releases
bash scripts/check_releases.sh

# Use custom config file
bash scripts/check_releases.sh /path/to/repos.txt

# Dry run (show all latest releases regardless of state)
rm -f scripts/.last_seen.json && bash scripts/check_releases.sh

Integration

Cron (recommended)

Run daily via OpenClaw cron job to get notified of new releases:

Schedule: daily at 09:00
Payload: "Check for new GitHub releases using the github-release-watcher skill"

Heartbeat

Add to HEARTBEAT.md for periodic checks (1x/day recommended).

Output

  • 🆕 **owner/repo** → tag (name) — new release detected
  • ✅ No new releases detected. — all repos up to date

State

Release state stored in scripts/.last_seen.json. Delete to reset.

Adding Repos

Edit repos.txt:

# My tools
owner/repo
another/repo
Usage Guidance
This skill appears to do what it says: it needs the GitHub CLI (gh) to be authenticated and will create/update scripts/.last_seen.json to remember seen tags. Before enabling: (1) confirm you want gh to be used (gh uses your GitHub credentials/token), (2) review and restrict repos.txt to only repos you intend to monitor, (3) consider running the script manually once to verify output and that the state file location is acceptable, and (4) if you have strict auditing needs, inspect the script for quoting/edge-case behavior (repo names with unusual characters could cause errors) or run it under a dedicated low-privilege account. The author field ('rogue-agent1') is unusual but does not itself indicate malicious behavior.
Capability Analysis
Type: OpenClaw Skill Name: github-release-watcher Version: 1.0.0 The skill monitors GitHub releases but contains a command injection vulnerability in `scripts/check_releases.sh`. Specifically, repository names from `repos.txt` are interpolated directly into a Python one-liner (`python3 -c ...`) without sanitization, which allows for arbitrary code execution if a repository entry contains a single quote followed by Python code. While the provided repository list is benign and the logic aligns with the stated purpose, the lack of input validation on the configuration file constitutes a significant security flaw.
Capability Assessment
Purpose & Capability
Name/description, SKILL.md, skill.json and the script all align: the script calls gh to query repos listed in repos.txt and reports new tags. The declared requirement (gh) matches actual usage. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions stay within scope: they require an authenticated gh CLI, edit repos.txt, and run the script. The script only reads repos.txt and a local state file and queries GitHub via gh; it does not transmit data to unexpected endpoints or read unrelated system files.
Install Mechanism
No install spec (instruction-only + small script) — nothing is downloaded or extracted. This minimizes install-time risk.
Credentials
The skill requests no environment variables or credentials. It relies on the gh CLI which expects GitHub authentication; that is proportional to its purpose. The only optional env var used is STATE_FILE to override the local state path, which is reasonable.
Persistence & Privilege
The script writes a local state file scripts/.last_seen.json (or $STATE_FILE if set) to track seen tags — expected for this task. The skill is not always-enabled and does not modify other skills or system configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install github-release-watcher
  3. After installation, invoke the skill by name or use /github-release-watcher
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of GitHub Release Watcher. - Monitor one or more GitHub repositories for new releases. - Requires GitHub CLI (`gh`) and a simple config file (`repos.txt`). - Provides an easy shell script workflow for checking and notification. - Supports integration with cron jobs and heartbeat checks. - Outputs concise status for new and existing releases. - Tracks last seen releases in a local JSON state file.
Metadata
Slug github-release-watcher
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Github Release Watcher?

Monitor specified GitHub repositories for new releases and receive notifications of newly detected tags. It is an AI Agent Skill for Claude Code / OpenClaw, with 110 downloads so far.

How do I install Github Release Watcher?

Run "/install github-release-watcher" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Github Release Watcher free?

Yes, Github Release Watcher is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Github Release Watcher support?

Github Release Watcher is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Github Release Watcher?

It is built and maintained by rogue-agent1 (@rogue-agent1); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments