alirezarezvani

Release Manager

Author: Alireza Rezvani · GitHub · v2.1.1 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 689
Favorites: 0
Current installs: 6
Versions: 2
Install in OpenClaw
/install release-manager
Description
Release Manager
Security usage recommendations
This skill largely does what it says (generate changelogs, recommend version bumps, produce release plans), but there are some red flags to check before installing:

- Verify dependencies: open the Python files (release_planner.py especially) and confirm whether they import non-standard packages (e.g., requests). If so, the README claiming "no external dependencies" is incorrect — install those packages in a controlled environment (virtualenv) before running.
- Network access and credentials: the release planner calls the GitHub API in examples. Decide whether you will run this against public repos only or private ones. For private repos or to avoid rate limits you may need to provide a GitHub token; the skill does not declare or request one, so plan how you'll supply credentials safely (CI secrets, not pasted into chat).
- Review for subprocess/network effects: inspect the code for any subprocess, os.system, or exec usage that would run shell commands. The sample rollback JSON contains commands like kubectl, curl, and redis-cli — these are examples, but confirm scripts only generate commands rather than executing them automatically.
- Run in a sandbox first: execute the scripts on a test checkout or sample data (assets/) to observe behavior and network calls before pointing them at production repositories or granting credentials.
- Check provenance: the source/owner is unknown. Prefer tools from a known maintainer or fork and audit the code; if you will use this in CI, pin the repository and add dependency and security reviews.

If you want, I can scan the actual Python files for network calls, subprocess usage, and external imports and produce a short summary of risky lines to review next.
Functional analysis
Type: OpenClaw Skill
Name: release-manager
Version: 2.1.1

The 'release-manager' skill bundle is a comprehensive set of DevOps tools for automating changelog generation, version bumping, and release planning. Analysis of the Python scripts (changelog_generator.py, version_bumper.py, and release_planner.py) reveals they rely exclusively on the Python standard library for string parsing and data processing. There is no evidence of malicious execution (e.g., eval, os.system), data exfiltration, or prompt injection. While the scripts generate shell commands as output for the user, they do not execute them directly, and the documentation in SKILL.md and README.md is strictly aligned with the stated engineering purpose.
Capability assessment
Purpose & Capability
Name/description and included files (changelog_generator.py, version_bumper.py, release_planner.py) align with a release-management tool. However the README claims "No external dependencies required (uses only Python standard library)" while SKILL.md and code snippets show network calls (requests) and CI integrations — this is an internal inconsistency (reasonable for the purpose but misleading).
Instruction Scope
Runtime instructions and examples frequently reference reading git history, piping git log into the scripts, and calling external services (GitHub API via requests, curl to feature-flag endpoints). Those are coherent with release tooling, but the skill does not document required network access or credentials. The release_plan generator shows direct calls to api.github.com (which may require authentication for private repos) and the sample rollback plan includes curl/kubectl commands; the SKILL.md does not instruct how to safely run those or declare required tokens.
Install Mechanism
There is no install spec (instruction-only), so nothing is downloaded automatically — lower risk. However the README/SKILL.md claim no external dependencies while code examples use the 'requests' library and CI examples reference jq/gcloud/git/gh actions. That mismatch is a packaging/documentation inconsistency to clarify before use.
Credentials
The package declares no required environment variables or primary credential, yet instructions and code examples access external APIs (GitHub endpoints) and CI context variables (GITHUB_OUTPUT, github.repository). For private repos or higher-rate GitHub usage, a token is typically required (GITHUB_TOKEN/GH_TOKEN) but none are declared. This gap could cause unexpected network calls or failures and may prompt a user to provide credentials without guidance.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide configs, and has no install step that writes files to system locations. It appears to be a local tooling package; no automatic persistent privileges are requested.
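How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install release-manager
  3. Once installation completes, invoke the Skill by name or trigger it with /release-manager
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history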
v2.1.1
v2.1.1: optimization, reference splits
v1.0.0
Initial release
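Metadata
Slug release-manager
Version 2.1.1
License MIT-0
Total installs 7
Current installs 6
Version count 2
FAQ

What is Release Manager?

Release Manager. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 689 cumulative downloads to date.

How do I install Release Manager?

Run the command "/install release-manager" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Release Manager free?

Yes, Release Manager is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Release Manager support?

Release Manager runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops Release Manager?

It is developed and maintained by Alireza Rezvani (@alirezarezvani); the current version is v2.1.1.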
