📦 Release Readiness Checker

v1.0.0

Pre-release checklist for shipping software — verify tests pass, changelog updated, version bumped, no debug code, dependencies clean, docs current, no secre...

Security scan
VirusTotal: Pending
OpenClaw: Suspicious (high confidence)
The skill's instructions match a release-audit purpose, but the SKILL.md calls many tools and networked CLIs (git, python3, rg, npm, npm audit, gh, etc.) while the metadata declares no required binaries or credentials — that mismatch is incoherent and worth caution.
Assessment recommendations

This skill generally does what its name says, but there are important mismatches and practical risks to consider before installing or running it:

- Tooling mismatch: SKILL.md expects git, python3, ripgrep (rg), npm (and npm audit), and the GitHub CLI (gh), among others. The registry metadata lists no required binaries — verify these tools are available in the environment where you plan to run the skill.
- Credentials and network access: The skill will call networked CLIs (npm audit, gh) that use existing credentials or tokens. The skill metadata declares no requ...
Detailed analysis
Purpose and capabilities
The skill's name and description (pre-release audit) match the commands in SKILL.md. However, the metadata declares no required binaries or credentials even though the instructions call many command-line tools (git, python3, rg/ripgrep, npm/npm audit, gh (GitHub CLI), find, sed, grep, etc.). The lack of declared required tooling is an inconsistency: a release checker legitimately needs repository and CLI tools, so those should be declared.
Instruction scope
The SKILL.md stays on-topic: it inspects repository files, changelogs, versions, tests, dependencies, secrets, and CI status — all expected for a release checker. It explicitly avoids running tests automatically in some places to reduce side effects. However, some checks invoke networked tooling (npm audit, gh run list) which will contact external services and rely on existing CLI authentication. The instructions also search for secrets in repo files: this is appropriate, but any output of those scans may contain sensitive data, and the skill does not specify how scan output is handled or where it is sent.
Install mechanism
Instruction-only skill with no install spec and no code files — nothing will be written to disk by an installer. This is low-risk from an install-mechanism perspective.
Credential requirements
The skill declares no required environment variables or credentials, yet it calls tools that commonly require credentials or tokens (the GitHub CLI 'gh' uses GH auth; npm audit may use registry credentials or internet access). There is a mismatch between the declared environment requirements (none) and the practical needs (authenticated CLIs or network access). The skill also scans repository contents for secrets; if an agent were to transmit that output externally, it could expose secrets — the SKILL.md does not constrain where output may be sent.
Persistence and permissions
The skill is not always:true and does not request persistent or elevated permissions in its metadata. It does not declare that it modifies other skills or system-level configuration. Autonomous invocation is allowed by default, but that is the platform standard; no additional persistent permissions are requested.
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Version

latest: v1.0.0

### Passing

Pending

Install command

Official: npx clawhub@latest install release-readiness-checker
Mirror (accelerated): npx clawhub@latest install release-readiness-checker --registry https://cn.longxiaskill.com

Skill documentation

Release Readiness Checker

Run a comprehensive pre-release audit before cutting a release. Checks code quality, documentation, dependencies, CI status, and common release blockers. Produces a go/no-go report.

Use when: "are we ready to release", "pre-release check", "release audit", "can we ship this", "release checklist", or before tagging a version.

Commands

  • check — Full Release Readiness Audit

Run all checks and produce a go/no-go verdict.

Check 1: Version Bumped

```bash
# Check current version
if [ -f "package.json" ]; then
  CURRENT=$(python3 -c "import json; print(json.load(open('package.json')).get('version','none'))" 2>/dev/null)
  echo "Current version: $CURRENT"

  # Compare with latest git tag
  LATEST_TAG=$(git tag --sort=-version:refname 2>/dev/null | head -1)
  echo "Latest tag: ${LATEST_TAG:-none}"

  if [ "$CURRENT" = "${LATEST_TAG#v}" ] || [ "v$CURRENT" = "$LATEST_TAG" ]; then
    echo "⚠️ Version matches latest tag — did you forget to bump?"
  fi
fi

# Check for version in other files
for f in pyproject.toml Cargo.toml setup.py setup.cfg version.txt VERSION; do
  if [ -f "$f" ]; then
    grep -i "version" "$f" | head -3
  fi
done
```

Check 2: Changelog Updated

```bash
# Check CHANGELOG exists and has a recent entry
for f in CHANGELOG.md CHANGELOG CHANGES.md HISTORY.md; do
  if [ -f "$f" ]; then
    echo "Found: $f"
    # Check if the top entry matches the current version or is Unreleased
    head -20 "$f"

    # Check if there's content under Unreleased
    UNRELEASED=$(sed -n '/\[Unreleased\]/,/\[/p' "$f" 2>/dev/null | wc -l)
    if [ "$UNRELEASED" -le 2 ]; then
      echo "⚠️ Unreleased section appears empty"
    fi
    break
  fi
done

# If no changelog found
if [ ! -f "CHANGELOG.md" ] && [ ! -f "CHANGELOG" ] && [ ! -f "CHANGES.md" ]; then
  echo "⚠️ No CHANGELOG file found"
fi
```

Check 3: No Debug Code

```bash
# Common debug artifacts
echo "=== Debug Code Check ==="
rg -n "console\.log|console\.debug|console\.warn|debugger;" \
  -g '!node_modules' -g '!vendor' -g '!dist' -g '!build' -g '!*.test.*' -g '!*.spec.*' \
  -g '*.{js,ts,jsx,tsx}' --stats 2>&1 | tail -5

rg -n "print\(|breakpoint\(\)|pdb\.set_trace|import pdb|import ipdb" \
  -g '!vendor' -g '!dist' -g '*.py' -g '!*test*' --stats 2>&1 | tail -5

rg -n "fmt\.Print|log\.Print" \
  -g '*.go' -g '!*_test.go' --stats 2>&1 | tail -5

# TODO/FIXME in critical paths (not tests)
# rg skips binary files by default; "binary" is not a ripgrep type name, so a
# "--type-not binary" flag makes rg fail and the count silently reads 0.
CRITICAL_TODOS=$(rg -c "TODO|FIXME|HACK|XXX" \
  -g '!node_modules' -g '!vendor' -g '!dist' -g '!*.test.*' -g '!*.spec.*' \
  2>/dev/null | awk -F: '{s+=$2} END {print s+0}')
echo "TODO/FIXME count (non-test): $CRITICAL_TODOS"
```

Check 4: Tests Pass

```bash
echo "=== Test Check ==="
# Detect test runner
if [ -f "package.json" ]; then
  HAS_TEST=$(python3 -c "import json; d=json.load(open('package.json')); print('yes' if d.get('scripts',{}).get('test','') not in ['','echo \"Error: no test specified\" && exit 1'] else 'no')" 2>/dev/null)
  if [ "$HAS_TEST" = "yes" ]; then
    echo "Test command: npm test"
    echo "(Run 'npm test' to verify — not running automatically to avoid side effects)"
  else
    echo "⚠️ No test script configured in package.json"
  fi
fi

if [ -f "pytest.ini" ] || [ -f "setup.cfg" ] || [ -f "pyproject.toml" ]; then
  if python3 -c "import pytest" 2>/dev/null; then
    echo "Test runner: pytest detected"
  fi
fi

# Check if tests exist at all
TEST_COUNT=$(find . -type f \( -name "*.test.*" -o -name "*.spec.*" -o -name "test_*" -o -name "*_test.*" \) \
  -not -path '*/node_modules/*' -not -path '*/vendor/*' 2>/dev/null | wc -l)
echo "Test files found: $TEST_COUNT"
if [ "$TEST_COUNT" -eq 0 ]; then
  echo "❌ No test files found"
fi
```

Check 5: Dependencies Clean

```bash
echo "=== Dependency Check ==="
# Check for outdated (major versions)
if [ -f "package-lock.json" ] || [ -f "yarn.lock" ] || [ -f "pnpm-lock.yaml" ]; then
  npm outdated 2>/dev/null | head -15 || true

  # Check for known vulnerabilities
  npm audit --json 2>/dev/null | python3 -c "
import json, sys
try:
    d = json.load(sys.stdin)
    vulns = d.get('metadata', {}).get('vulnerabilities', {})
    crit = vulns.get('critical', 0)
    high = vulns.get('high', 0)
    if crit > 0:
        print(f'❌ {crit} critical vulnerabilities')
    elif high > 0:
        print(f'⚠️ {high} high vulnerabilities')
    else:
        print('✅ No critical/high vulnerabilities')
except Exception:
    print('Could not parse npm audit output')
" 2>/dev/null
fi

# Lockfile freshness
if [ -f "package-lock.json" ]; then
  LOCK_AGE=$(git log -1 --format="%ar" -- package-lock.json 2>/dev/null)
  echo "Lock file last updated: ${LOCK_AGE:-unknown}"
fi
```

Check 6: No Secrets Committed

```bash
echo "=== Secrets Check ==="
# Common secret patterns (rg skips binary files by default)
rg -n "(PRIVATE_KEY|SECRET_KEY|API_KEY|ACCESS_TOKEN|password\s*=\s*['\"][^'\"]+['\"])" \
  -g '!node_modules' -g '!vendor' -g '!dist' -g '!*.lock' -g '!*.test.*' \
  -i 2>/dev/null | \
  grep -v "process\.env\|os\.environ\|os\.getenv\|\.env\|example\|sample\|template\|test\|mock\|fake\|dummy" | head -10

# Check .env files are gi
```

Data source: ClawHub ↗ · Chinese localization: 龙虾技能库