AANA Release Readiness Check Skill
AdvisoryAudited by Static analysis on May 5, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could be confused about which package identity or version they installed.
The registry metadata lists slug "aana-release-readiness-check-skill" and version "1.0.0", while the bundled manifest and README use a different slug/version. This is an identity/provenance inconsistency, although no executable code is bundled.
"slug": "aana-release-readiness-check", "version": "0.1.0"
Verify the registry entry and package contents before relying on it, and ask the publisher to align the registry, manifest, and README metadata.
If an external checker is configured, limited release information could be shared outside the current agent context.
The skill contemplates sending release-readiness metadata to a configured checker. The data flow is purpose-aligned and explicitly redacted, but users should know release status and risk details may be shared if such a checker is configured.
When using a configured AANA checker, send only a minimal redacted review payload ... Do not include secrets, private release notes, credentials, full logs, or unrelated repository data
Use only trusted configured checkers and keep the payload limited to the listed redacted fields.