Nm Minister Release Health Gates
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: nm-minister-release-health-gates Version: 1.0.2 The skill bundle provides a structured framework for managing GitHub release gates and deployment checklists via Markdown instructions. It contains no executable code, suspicious network requests, or evidence of malicious intent. The content is strictly limited to standard DevOps workflows, such as tracking PR status and verifying GitHub check-suites (SKILL.md, modules/quality-signals.md).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to tracker tools, the agent may change task status or effort records that teammates rely on.
The skill instructs updates to tracker records, which is an account/workflow mutation even though it fits the release-readiness purpose.
- Update tracker tasks to `Done` and log actual effort.
Require human confirmation for tracker updates and limit changes to the specific release scope.
A connected GitHub token or account could expose repository check and deployment information to the workflow.
The skill references GitHub repository and deployment data sources; using these with connected tools may rely on repository/account permissions.
| Checks | `GET /repos/{owner}/{repo}/commits/{sha}/check-suites` | ... |
| Deployments | `GET /repos/{owner}/{repo}/deployments` | ... |Use least-privilege GitHub access and keep the skill scoped to the intended repository or organization.
Release status, waiver, and retrospective information may remain in tracker records and be reused later.
The skill explicitly stores release-gate outputs in persistent tracker data for later reuse.
Rollout scorecard that persists in tracker data for retros.
Verify tracker visibility and retention settings, and avoid storing sensitive details beyond what the release process needs.