← Back to Skills Marketplace
Release Manager
by
Alireza Rezvani
· GitHub ↗
· v2.1.1
· MIT-0
689
Downloads
0
Stars
6
Active Installs
2
Versions
Install in OpenClaw
/install release-manager
Description
Release Manager
Usage Guidance
This skill largely does what it says (generate changelogs, recommend version bumps, produce release plans), but there are some red flags to check before installing:
- Verify dependencies: open the Python files (release_planner.py especially) and confirm whether they import non-standard packages (e.g., requests). If so, the README claiming "no external dependencies" is incorrect — install those packages in a controlled environment (virtualenv) before running.
- Network access and credentials: the release planner calls the GitHub API in examples. Decide whether you will run this against public repos only or private ones. For private repos or to avoid rate limits you may need to provide a GitHub token; the skill does not declare or request one, so plan how you'll supply credentials safely (CI secrets, not pasted into chat).
- Review for subprocess/network effects: inspect the code for any subprocess, os.system, or exec usage that would run shell commands. The sample rollback JSON contains commands like kubectl, curl, and redis-cli — these are examples, but confirm scripts only generate commands rather than executing them automatically.
- Run in a sandbox first: execute the scripts on a test checkout or sample data (assets/) to observe behavior and network calls before pointing them at production repositories or granting credentials.
- Check provenance: the source/owner is unknown. Prefer tools from a known maintainer or fork and audit the code; if you will use this in CI, pin the repository and add dependency and security reviews.
If you want, I can scan the actual Python files for network calls, subprocess usage, and external imports and produce a short summary of risky lines to review next.
Capability Analysis
Type: OpenClaw Skill
Name: release-manager
Version: 2.1.1
The 'release-manager' skill bundle is a comprehensive set of DevOps tools for automating changelog generation, version bumping, and release planning. Analysis of the Python scripts (changelog_generator.py, version_bumper.py, and release_planner.py) reveals they rely exclusively on the Python standard library for string parsing and data processing. There is no evidence of malicious execution (e.g., eval, os.system), data exfiltration, or prompt injection. While the scripts generate shell commands as output for the user, they do not execute them directly, and the documentation in SKILL.md and README.md is strictly aligned with the stated engineering purpose.
Capability Assessment
Purpose & Capability
Name/description and included files (changelog_generator.py, version_bumper.py, release_planner.py) align with a release-management tool. However the README claims "No external dependencies required (uses only Python standard library)" while SKILL.md and code snippets show network calls (requests) and CI integrations — this is an internal inconsistency (reasonable for the purpose but misleading).
Instruction Scope
Runtime instructions and examples frequently reference reading git history, piping git log into the scripts, and calling external services (GitHub API via requests, curl to feature-flag endpoints). Those are coherent with release tooling, but the skill does not document required network access or credentials. The release_plan generator shows direct calls to api.github.com (which may require authentication for private repos) and the sample rollback plan includes curl/kubectl commands; the SKILL.md does not instruct how to safely run those or declare required tokens.
Install Mechanism
There is no install spec (instruction-only), so nothing is downloaded automatically — lower risk. However the README/SKILL.md claim no external dependencies while code examples use the 'requests' library and CI examples reference jq/gcloud/git/gh actions. That mismatch is a packaging/documentation inconsistency to clarify before use.
Credentials
The package declares no required environment variables or primary credential, yet instructions and code examples access external APIs (GitHub endpoints) and CI context variables (GITHUB_OUTPUT, github.repository). For private repos or higher-rate GitHub usage, a token is typically required (GITHUB_TOKEN/GH_TOKEN) but none are declared. This gap could cause unexpected network calls or failures and may prompt a user to provide credentials without guidance.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide configs, and has no install step that writes files to system locations. It appears to be a local tooling package; no automatic persistent privileges are requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install release-manager - After installation, invoke the skill by name or use
/release-manager - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.1
v2.1.1: optimization, reference splits
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Release Manager?
Release Manager. It is an AI Agent Skill for Claude Code / OpenClaw, with 689 downloads so far.
How do I install Release Manager?
Run "/install release-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Release Manager free?
Yes, Release Manager is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Release Manager support?
Release Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Release Manager?
It is built and maintained by Alireza Rezvani (@alirezarezvani); the current version is v2.1.1.
More Skills