← Back to Skills Marketplace
romainsantoli-web

Firm Delivery Export

by romainsantoli-web · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
329
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install firm-delivery-export
Description
Post-processing skill for firm-orchestration: converts the structured JSON output of a multi-agent workflow run into real deliverables — GitHub Pull Requests...
README (SKILL.md)

firm-delivery-export

Converts firm workflow output into real deliverables in team tooling.

Supported formats

Format Target Required env
github_pr GitHub repository PR GITHUB_TOKEN
jira_ticket Jira issue JIRA_API_TOKEN + JIRA_BASE_URL
linear_issue Linear issue LINEAR_API_KEY
markdown_report Local file / chat none
structured_document Markdown with frontmatter none
project_brief Structured PDF-ready doc none
slack_digest Slack message via webhook SLACK_WEBHOOK_URL

Usage (after firm-orchestration run)

Use firm-delivery-export to publish last workflow result as a GitHub PR:
  repo: "myorg/myrepo"
  branch: "ai/sprint-24-plan"
  title: "feat: Sprint 24 plan (AI-generated, human review pending)"
  reviewers: ["@john", "@sarah"]

GitHub PR output schema

{
  "format": "github_pr",
  "repo": "org/repo",
  "branch": "ai/{kebab-objective}",
  "base": "main",
  "title": "...",
  "body": "## AI-generated delivery\
\
{merged_output}\
\
---\
_Generated by firm-orchestration_",
  "draft": true,
  "reviewers": [],
  "labels": ["ai-generated", "needs-review"]
}

Jira ticket output schema

{
  "format": "jira_ticket",
  "project": "ENG",
  "issue_type": "Story",
  "summary": "...",
  "description": "{merged_output}",
  "priority": "Medium",
  "labels": ["ai-generated"],
  "components": []
}

Security notes

  • GITHUB_TOKEN must have repo scope — use fine-grained tokens scoped to target repo
  • All PRs are created as drafts by default (draft: true) — never auto-merged
  • Human review is mandatory: a needs-review label is applied unconditionally
  • JIRA_API_TOKEN is never logged (masked in audit trail)
  • Slack webhook URLs are treated as secrets (masked in JSONL audit)

Error handling

Error Behavior
API rate limit Retry with exponential backoff (3 attempts, max 30s)
Auth failure Fail fast, output error to session, never retry
Network timeout Fallback to markdown_report format locally
Invalid schema Reject with validation error listing missing fields

Example with delivery pipeline

1. Run firm-orchestration:
   objective: "Document the payment service API"
   departments: ["engineering", "operations"]
   delivery_format: "github_pr"

2. Run firm-delivery-export automatically:
   → Creates draft PR "docs: Payment service API documentation"
   → Branch: ai/document-payment-service-api
   → Labels: ai-generated, needs-review, documentation
   → Assigns to @team-engineering for review

💎 Support

Si ce skill vous est utile, vous pouvez soutenir le développement :

Dogecoin : DQBggqFNWsRNTPb6kkiwppnMo1Hm8edfWq

Usage Guidance
This skill appears to do what it says (create PRs/tickets/reports), but the registry requires multiple credentials by default which is unnecessary and increases risk. Before installing: (1) Ask the publisher to mark credentials optional or per-format so you only provide the tokens you actually need. (2) Use least-privilege, fine-grained tokens (repo-scoped GitHub token, limited Jira/Linear service account) and avoid org-level secrets. (3) Confirm whether SLACK_WEBHOOK_URL should be declared in metadata (it is documented but missing from required envs). (4) Test in a non-production account and rotate tokens if you revoke access. (5) If you enable autonomous invocation, be aware the agent could act with any provided credentials — prefer minimal credentials for that mode.
Capability Analysis
Type: OpenClaw Skill Name: firm-delivery-export Version: 1.0.0 The skill's stated purpose is to integrate AI workflow output with external tools like GitHub, Jira, Linear, and Slack, which is a legitimate function. It declares requirements for sensitive environment variables (e.g., GITHUB_TOKEN, JIRA_API_TOKEN) and tools (curl, bash) necessary for its operation. The SKILL.md includes explicit security notes, such as creating GitHub PRs as drafts and masking API tokens, indicating an awareness of security best practices. There is no evidence of malicious prompt injection, data exfiltration, unauthorized execution, or persistence mechanisms in the provided files. The Dogecoin address is a non-security-related request for support.
Capability Assessment
Purpose & Capability
The skill claims to create GitHub PRs, Jira and Linear issues and other deliverables — requiring GITHUB_TOKEN, JIRA_API_TOKEN, JIRA_BASE_URL and LINEAR_API_KEY is consistent if the skill must access all three systems. However, the registry lists all credentials as required (mandatory) rather than optional per-target format; that is disproportionate because a user wanting only GitHub output should not need to supply Jira and Linear secrets. Also SKILL.md documents SLACK_WEBHOOK_URL for a 'slack_digest' format but SLACK_WEBHOOK_URL is not listed in required envs, an inconsistency.
Instruction Scope
SKILL.md is instruction-only and confines actions to creating PRs, Jira/Linear tickets, local markdown reports, and optionally posting to Slack via webhook. It does not instruct reading arbitrary system files, shell history, or unrelated credentials. It does reference masking of tokens in audit logs. No instructions appear to exfiltrate unrelated data, but the instruction set assumes access to multiple external APIs and to secrets — scope is limited to integration endpoints but broad in reach if all credentials are provided.
Install Mechanism
No install spec and no code files (instruction-only). Required binary is only curl, which is reasonable for HTTP calls. This minimizes on-disk risk; there's no download/execute step.
Credentials
The skill requires four secrets as mandatory in registry metadata (GITHUB_TOKEN, JIRA_API_TOKEN, JIRA_BASE_URL, LINEAR_API_KEY). Requiring multiple unrelated service credentials by default is disproportionate for a multi-format exporter: only the credentials required for the chosen output format should be necessary. The omission of SLACK_WEBHOOK_URL from required envs while it is documented as a required env for a supported format is an inconsistency. Broadly scoped or org-level tokens would increase risk; the SKILL.md partly mitigates this by recommending repository-scoped GitHub tokens, but the registry forcing all secrets increases the blast radius.
Persistence & Privilege
always is false and there is no install; disable-model-invocation is false (normal). Autonomous invocation is allowed (platform default). Because the skill may request multiple service credentials, autonomous runs could have a larger blast radius if credentials are present — consider this in combination with the broad required-env list.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install firm-delivery-export
  3. After installation, invoke the skill by name or use /firm-delivery-export
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
firm-delivery-export 1.0.0 — initial release: - Converts structured JSON workflow output into real deliverables: GitHub PRs, Jira or Linear tickets, Markdown reports, project briefs, and structured documents. - Acts as a bridge between agent output and team tooling for final delivery. - Supports error handling for API rate limits, auth failures, network issues, and schema validation. - Requires environment variables for relevant targets (e.g., GITHUB_TOKEN for GitHub, JIRA_API_TOKEN for Jira, LINEAR_API_KEY for Linear). - All output to GitHub is created as draft PRs with "needs-review" labels to enforce human review.
Metadata
Slug firm-delivery-export
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Firm Delivery Export?

Post-processing skill for firm-orchestration: converts the structured JSON output of a multi-agent workflow run into real deliverables — GitHub Pull Requests... It is an AI Agent Skill for Claude Code / OpenClaw, with 329 downloads so far.

How do I install Firm Delivery Export?

Run "/install firm-delivery-export" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Firm Delivery Export free?

Yes, Firm Delivery Export is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Firm Delivery Export support?

Firm Delivery Export is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Firm Delivery Export?

It is built and maintained by romainsantoli-web (@romainsantoli-web); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments