AANA Release Readiness Check Skill
PassAudited by VirusTotal on May 5, 2026.
Overview
Type: OpenClaw Skill Name: aana-release-readiness-check-skill Version: 1.0.0 The skill bundle is a purely instructional set of guidelines designed to act as a safety gate for software releases. It contains no executable code, as confirmed by manifest.json, and includes explicit security-positive instructions in SKILL.md to redact secrets, credentials, and private data before generating review payloads.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could be confused about which package identity or version they installed.
The registry metadata lists slug "aana-release-readiness-check-skill" and version "1.0.0", while the bundled manifest and README use a different slug/version. This is an identity/provenance inconsistency, although no executable code is bundled.
"slug": "aana-release-readiness-check", "version": "0.1.0"
Verify the registry entry and package contents before relying on it, and ask the publisher to align the registry, manifest, and README metadata.
If an external checker is configured, limited release information could be shared outside the current agent context.
The skill contemplates sending release-readiness metadata to a configured checker. The data flow is purpose-aligned and explicitly redacted, but users should know release status and risk details may be shared if such a checker is configured.
When using a configured AANA checker, send only a minimal redacted review payload ... Do not include secrets, private release notes, credentials, full logs, or unrelated repository data
Use only trusted configured checkers and keep the payload limited to the listed redacted fields.