Our review
Automates the release process for Claw skills, including version bumping, tagging, and verification.
Strengths
- Step-by-step release workflow with ready-to-run scripts
- Handles pre-release versions (alpha, beta, rc) automatically
- Built-in checks to prevent tag conflicts and invalid versions
- Integrates version file updates and GitHub Release creation
Limitations
- Requires shell scripts to be run in a local Git environment
- Depends on jq and gh for JSON and GitHub operations
- Does not cover rollbacks after push (only before push)
When you need to publish a new version of a Claw skill or manage the release catalog.
If you use a different centralized release tool or work on a project outside the Claw ecosystem.
Security analysis
CautionThe skill provides release automation guidance, which includes powerful git operations like reset --hard and pushing tags. While intended for internal use, an agent executing these commands could cause repository damage if misapplied. No malicious payloads or exfiltration.
- β’Uses git reset --hard which can irreversibly remove commits if executed incorrectly.
- β’Instructs running a shell script (release-skill.sh) whose contents are not audited here.
Examples
I want to release a new patch version for the soul-guardian skill. The current version is 1.0.0 and I have fixed a bug. Guide me through the release process.Create a beta pre-release for clawtributor skill with version 2.1.0-beta1.I ran the release script for openclaw-audit-watchdog but haven't pushed yet. How can I undo the release and revert the changes?name: claw-release version: 0.0.1 description: Release automation for Claw skills and website. Guides through version bumping, tagging, and release verification. homepage: https://clawsec.prompt.security metadata: {"openclaw":{"emoji":"π","category":"utility","internal":true}} clawdis: emoji: "π" requires: bins: [git, jq, gh]
Claw Release
Internal tool for releasing skills and managing the ClawSec catalog.
An internal tool by Prompt Security
Quick Reference
| Release Type | Command | Tag Format |
|-------------|---------|------------|
| Skill release | ./scripts/release-skill.sh <name> <version> | <name>-v<version> |
| Pre-release | ./scripts/release-skill.sh <name> 1.0.0-beta1 | <name>-v1.0.0-beta1 |
Release Workflow
Step 1: Determine Version Type
Ask what changed:
- Bug fixes only β Patch (1.0.0 β 1.0.1)
- New features, backward compatible β Minor (1.0.0 β 1.1.0)
- Breaking changes β Major (1.0.0 β 2.0.0)
- Testing/unstable β Pre-release (1.0.0-beta1, 1.0.0-rc1)
Step 2: Pre-flight Checks
# Check for uncommitted changes
git status
# Verify skill directory exists
ls skills/<skill-name>/skill.json
# Get current version
jq -r '.version' skills/<skill-name>/skill.json
Step 3: Run Release Script
./scripts/release-skill.sh <skill-name> <new-version>
The script will:
- Validate version format (semver)
- Check tag doesn't already exist
- Update skill.json version
- Update SKILL.md frontmatter version (if file exists)
- Update hardcoded version URLs (feed_url)
- Commit changes
- Create annotated git tag
Step 4: Push Release
git push && git push origin <skill-name>-v<version>
Step 5: Verify Release
After pushing, the CI/CD pipeline will:
- Validate skill exists
- Verify version matches skill.json
- Verify version matches SKILL.md frontmatter (if exists)
- Generate checksums from SBOM
- Create .skill package (ZIP)
- Create GitHub Release
- Trigger website rebuild (for non-internal skills)
Verify at:
- GitHub Releases:
https://github.com/prompt-security/clawsec/releases/tag/<skill-name>-v<version> - GitHub Actions: Check workflow run status
Undo a Release (Before Push)
If you need to undo before pushing:
git reset --hard HEAD~1 && git tag -d <skill-name>-v<version>
Pre-release Versions
For beta, alpha, or release candidates:
./scripts/release-skill.sh <skill-name> 1.2.0-beta1
./scripts/release-skill.sh <skill-name> 1.2.0-alpha1
./scripts/release-skill.sh <skill-name> 1.2.0-rc1
Pre-releases are automatically marked in GitHub Releases.
Common Issues
| Error | Solution |
|-------|----------|
| Tag already exists | Choose a different version number |
| Version mismatch in CI | Ensure you used the release script (not manual tagging) |
| SKILL.md version mismatch | Ensure you used the release script which updates both skill.json and SKILL.md |
| Uncommitted changes | Commit or stash first: git stash or git add . && git commit |
| skill.json not found | Verify skill directory path is correct |
Internal Skills
Skills with "internal": true in their openclaw section:
- Are released normally via GitHub Releases
- Are NOT shown in the public skills catalog website
- Can still be downloaded directly from release URLs
This skill (claw-release) is an internal skill.
Existing Skills
| Skill | Category | Internal | |-------|----------|----------| | clawsec-feed | security | No | | clawtributor | security | No | | openclaw-audit-watchdog | security | No | | soul-guardian | security | No | | claw-release | utility | Yes |
Verification Checklist
After release, confirm:
- [ ] GitHub Release exists with correct tag
- [ ] Release has: skill.json, SKILL.md, checksums.json, .skill package
- [ ] Release is marked as pre-release if applicable
- [ ] GitHub Actions workflow completed successfully
- [ ] Website updated (for non-internal skills only)
License
GNU AGPL v3.0 or later - See repository for details.
Built by the Prompt Security team.
Docker Compose Architect
DevOps
Designs optimized Docker Compose configurations.
Incident Postmortem Writer
DevOps
Writes structured and blameless incident postmortem reports.
Runbook Creator
DevOps
Creates clear operational runbooks for common DevOps procedures.