AANA Release Readiness Check Skill
PassAudited by ClawScan on May 5, 2026.
Overview
This is a benign instruction-only release checklist, with minor notes to verify the package identity/version and any optional AANA checker before sharing release details.
This skill appears safe to install as an instruction-only release gate. Before using it, verify the package name/version mismatch is expected, and if you connect an AANA checker, share only the redacted fields listed in the skill.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could be confused about which package identity or version they installed.
The registry metadata lists slug "aana-release-readiness-check-skill" and version "1.0.0", while the bundled manifest and README use a different slug/version. This is an identity/provenance inconsistency, although no executable code is bundled.
"slug": "aana-release-readiness-check", "version": "0.1.0"
Verify the registry entry and package contents before relying on it, and ask the publisher to align the registry, manifest, and README metadata.
If an external checker is configured, limited release information could be shared outside the current agent context.
The skill contemplates sending release-readiness metadata to a configured checker. The data flow is purpose-aligned and explicitly redacted, but users should know release status and risk details may be shared if such a checker is configured.
When using a configured AANA checker, send only a minimal redacted review payload ... Do not include secrets, private release notes, credentials, full logs, or unrelated repository data
Use only trusted configured checkers and keep the payload limited to the listed redacted fields.