Create Release
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Gitee release helper that reads release/PR history and publishes a release only after user confirmation, though users should verify the target repository and credentials before confirming.
This skill appears reasonable for creating Gitee releases. Install/use it only with a trusted Gitee MCP configuration, least-privileged repository access, and confirm the generated changelog, target repository, version tag, and prerelease flag before allowing the release to be created.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user confirms incorrect details, the agent could publish an unwanted release or tag information to the Gitee repository.
The skill can publish a release through a tool call, which is a meaningful repository mutation, but the artifact requires user confirmation first.
Show the generated changelog to the user for confirmation. After confirmation, use `create_release`
Before confirming, verify the repository owner/name, version tag, prerelease setting, and changelog content.
The configured Gitee account’s permissions determine which repositories can be read or modified.
The skill relies on delegated Gitee MCP permissions to read repository data and create releases. This is expected for the purpose, but it uses the authority of the configured Gitee account.
Gitee MCP Server configured (tools: `list_releases`, `list_repo_pulls`, `create_release`)
Use a Gitee MCP configuration or token scoped only to the repositories where release creation is intended.
If a local mcporter installation is untrusted or misconfigured, MCP calls may not behave as expected.
The skill mentions an optional local helper CLI. It does not install it or require it, so this is not a concern, but users should trust any local helper the agent is asked to use.
If you have `mcporter` installed locally, you should use `mcporter` to invoke the MCP tool
Only allow use of mcporter if it is already installed from a trusted source and configured for the intended MCP server.