diff --git a/.github/workflows/npm-telegram-beta-e2e.yml b/.github/workflows/npm-telegram-beta-e2e.yml
index f1a53c81858..68ef49d6f26 100644
--- a/.github/workflows/npm-telegram-beta-e2e.yml
+++ b/.github/workflows/npm-telegram-beta-e2e.yml
@@ -48,22 +48,22 @@ jobs:
 exit 1
 fi
- - name: Require maintainer-level repository access
+ - name: Require release manager team membership
 uses: actions/github-script@v8
 with:
 script: |
- const allowedRoles = new Set(["admin", "maintain"]);
- const { owner, repo } = context.repo;
- const { data } = await github.rest.repos.getCollaboratorPermissionLevel({
- owner,
- repo,
- username: context.actor,
+ const { owner } = context.repo;
+ const teamSlug = "openclaw-release-managers";
+ const members = await github.paginate(github.rest.teams.listMembersInOrg, {
+ org: owner,
+ team_slug: teamSlug,
+ per_page: 100,
 });
- const role = data.role_name ?? data.permission;
- core.info(`Actor ${context.actor} role: ${role}`);
- if (!allowedRoles.has(role)) {
+ const memberLogins = new Set(members.map((member) => member.login));
+ core.info(`${teamSlug} members loaded: ${memberLogins.size}`);
+ if (!memberLogins.has(context.actor)) {
 core.setFailed(
- `Workflow requires maintainer/admin access. Actor "${context.actor}" has "${role}".`,
+ `Workflow requires active ${teamSlug} membership. Actor "${context.actor}" is not a member of ${owner}/${teamSlug}.`,
 );
 }
diff --git a/test/scripts/npm-telegram-live.test.ts b/test/scripts/npm-telegram-live.test.ts
index 0154ff6a5ee..304d1c906c0 100644
--- a/test/scripts/npm-telegram-live.test.ts
+++ b/test/scripts/npm-telegram-live.test.ts
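Review bot: The membership test in the script reads only `context.actor`, which GitHub keeps as the user who started the original run; on a re-run the person acting is the triggering actor, so the gate is evaluated against the wrong identity and can pass for someone outside `openclaw-release-managers`. Check both identities, for example `const actors = [context.actor, process.env.GITHUB_TRIGGERING_ACTOR].filter(Boolean);` followed by `if (!actors.every((login) => memberLogins.has(login))) {`. No `github-token` input is visible under `with:` in this hunk; if the step runs with the default workflow token, `teams.listMembersInOrg` will probably be refused, which fails closed but blocks every release, so confirm that a token with organization member read access is supplied. The rest of the job, including whatever follows this step, is outside the hunk.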
@@ -42,12 +42,15 @@ describe("npm Telegram live Docker E2E", () => {
 expect(script).toContain('credential_role="ci"');
 });
- it("limits the manual npm beta workflow to maintainer-level actors", () => {
+ it("limits the manual npm beta workflow to release managers", () => {
 const workflow = readFileSync(WORKFLOW_PATH, "utf8");
- expect(workflow).toContain('const allowedRoles = new Set(["admin", "maintain"]);');
- expect(workflow).toContain("const role = data.role_name ?? data.permission;");
+ expect(workflow).toContain('const teamSlug = "openclaw-release-managers";');
+ expect(workflow).toContain("github.rest.teams.listMembersInOrg");
+ expect(workflow).toContain("memberLogins.has(context.actor)");
 expect(workflow).not.toContain('new Set(["admin", "write"])');
+ expect(workflow).not.toContain("data.role_name");
+ expect(workflow).not.toContain("getMembershipForUserInOrg");
 });
 it("lets npm-specific credential aliases override shared QA env", () => {
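Review bot: The updated `it(...)` case pins the team lookup and the membership expression but never asserts the failure path, so it still passes if the `core.setFailed(` call is removed and the gate stops failing the job. Add `expect(workflow).toContain("core.setFailed(");` next to the other positive assertions. The negative assertion on `getMembershipForUserInOrg` has no explanation either; a one-line comment above it stating why the per-user membership endpoint must not come back would stop a later cleanup from deleting the guard. The enclosing `describe` block starts and ends outside the hunk.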