ReddRadar
Agent skill
claw-release
Release automation for Claw skills and website. Guides through version bumping, tagging, and release verification.
Install this agent skill to your Project
npx add-skill https://github.com/prompt-security/clawsec/tree/main/skills/claw-release
Metadata
Additional technical details for this skill
- openclaw
-
{ "emoji": "\ud83d\ude80", "category": "utility", "internal": true }
SKILL.md
Claw Release
Internal tool for releasing skills and managing the ClawSec catalog.
An internal tool by Prompt Security
Quick Reference
| Release Type | Command | Tag Format |
|---|---|---|
| Skill release | ./scripts/release-skill.sh <name> <version> |
<name>-v<version> |
| Pre-release | ./scripts/release-skill.sh <name> 1.0.0-beta1 |
<name>-v1.0.0-beta1 |
Release Workflow
Step 1: Determine Version Type
Ask what changed:
- Bug fixes only → Patch (1.0.0 → 1.0.1)
- New features, backward compatible → Minor (1.0.0 → 1.1.0)
- Breaking changes → Major (1.0.0 → 2.0.0)
- Testing/unstable → Pre-release (1.0.0-beta1, 1.0.0-rc1)
Step 2: Pre-flight Checks
# Check for uncommitted changes
git status
# Verify skill directory exists
ls skills/<skill-name>/skill.json
# Get current version
jq -r '.version' skills/<skill-name>/skill.json
Step 3: Run Release Script
./scripts/release-skill.sh <skill-name> <new-version>
The script will:
- Validate version format (semver)
- Check tag doesn't already exist
- Update skill.json version
- Update SKILL.md frontmatter version (if file exists)
- Update hardcoded version URLs (feed_url)
- Commit changes
- Create annotated git tag
Step 4: Push Release
git push && git push origin <skill-name>-v<version>
Step 5: Verify Release
After pushing, the CI/CD pipeline will:
- Validate skill exists
- Verify version matches skill.json
- Verify version matches SKILL.md frontmatter (if exists)
- Generate checksums from SBOM
- Create .skill package (ZIP)
- Create GitHub Release
- Trigger website rebuild (for non-internal skills)
Verify at:
- GitHub Releases:
https://github.com/prompt-security/clawsec/releases/tag/<skill-name>-v<version> - GitHub Actions: Check workflow run status
Undo a Release (Before Push)
If you need to undo before pushing:
git reset --hard HEAD~1 && git tag -d <skill-name>-v<version>
Pre-release Versions
For beta, alpha, or release candidates:
./scripts/release-skill.sh <skill-name> 1.2.0-beta1
./scripts/release-skill.sh <skill-name> 1.2.0-alpha1
./scripts/release-skill.sh <skill-name> 1.2.0-rc1
Pre-releases are automatically marked in GitHub Releases.
Common Issues
| Error | Solution |
|---|---|
Tag already exists |
Choose a different version number |
Version mismatch in CI |
Ensure you used the release script (not manual tagging) |
SKILL.md version mismatch |
Ensure you used the release script which updates both skill.json and SKILL.md |
Uncommitted changes |
Commit or stash first: git stash or git add . && git commit |
skill.json not found |
Verify skill directory path is correct |
Internal Skills
Skills with "internal": true in their openclaw section:
- Are released normally via GitHub Releases
- Are NOT shown in the public skills catalog website
- Can still be downloaded directly from release URLs
This skill (claw-release) is an internal skill.
Existing Skills
| Skill | Category | Internal |
|---|---|---|
| clawsec-feed | security | No |
| clawtributor | security | No |
| openclaw-audit-watchdog | security | No |
| soul-guardian | security | No |
| claw-release | utility | Yes |
Verification Checklist
After release, confirm:
- GitHub Release exists with correct tag
- Release has: skill.json, SKILL.md, checksums.json, .skill package
- Release is marked as pre-release if applicable
- GitHub Actions workflow completed successfully
- Website updated (for non-internal skills only)
License
GNU AGPL v3.0 or later - See repository for details.
Built by the Prompt Security team.
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
prompt-security/clawsec
clawtributor
Community incident reporting for AI agents. Contribute to collective security by reporting threats.
prompt-security/clawsec
clawsec-clawhub-checker
ClawHub reputation checker for ClawSec suite. Enhances guarded skill installer with VirusTotal Code Insight reputation scores and additional safety checks.
prompt-security/clawsec
soul-guardian
Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
prompt-security/clawsec
clawsec-nanoclaw
Use when checking for security vulnerabilities in NanoClaw skills, before installing new skills, or when asked about security advisories affecting the bot
prompt-security/clawsec
openclaw-audit-watchdog
Automated daily security audits for OpenClaw agents with email reporting. Runs deep audits and sends formatted reports.
prompt-security/clawsec
clawsec-scanner
Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.
Didn't find tool you were looking for?