← Back to Skills Marketplace
zack-dev-cm

Publish Guard

by Zakhar Pashkin · GitHub ↗ · v1.0.4 · MIT-0
cross-platform ✓ Security Clean
183
Downloads
1
Stars
1
Active Installs
5
Versions
Install in OpenClaw
/install public-surface-review
Description
Publish Guard is a public ClawHub pre-release audit skill. Use it when the user says "publish guard", "release audit", "pre-release check", or wants to revie...
Usage Guidance
Publish Guard appears to do what it says: it runs local Python scripts to detect leak patterns and audit public-facing docs. Before enabling or running it, consider: 1) it will read all scannable files under whatever repository path you give it (including README.md, SKILL.md, .env-like files and other text files), so do not point it at a workspace that contains unrelated secrets or private repos; 2) it does not request credentials or perform remote calls in the bundled scripts, and the code performs redaction of sensitive-looking snippets, but filenames and metadata may still appear in outputs; 3) confirm Python is available (python3 or python), and review the included scripts yourself if you have concerns; and 4) if you allow autonomous invocation, be aware the agent could run these scans without an explicit prompt — restrict invocation or test in a sandboxed workspace if you want an extra safety margin.
Capability Analysis
Type: OpenClaw Skill Name: public-surface-review Version: 1.0.4 The skill bundle is a legitimate utility designed to audit repositories for sensitive information and documentation quality before public release. The included scripts (such as scan_leaks.py and scan_public_surface.py) use regular expressions to identify potential secret leaks (e.g., AWS keys, GitHub tokens) and internal documentation patterns, with the leak scanner explicitly redacting sensitive values in its output to prevent accidental exposure. There is no evidence of data exfiltration, unauthorized network access, or malicious command execution.
Capability Tags
cryptorequires-walletrequires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description match included artifacts: four Python scripts implement leak scanning, public-surface checks, README scoring, and audit rendering. The declared dependency (python3/python) is appropriate and proportional to the task.
Instruction Scope
SKILL.md instructs the agent to run the bundled Python scripts against a repo root. The scripts intentionally read repository files (README.md, SKILL.md, openai.yaml, .md docs, typical text files and tracked filenames) and search for secret-shaped strings and internal-language patterns. Reading repository files is expected for an audit, but the skill will scan any file in the provided repo tree (including .env-like files) so users should not point it at a workspace containing unrelated secrets.
Install Mechanism
No install spec; this is an instruction-only skill with bundled scripts. No external downloads or package installs are requested, so there is no high-risk installation behavior.
Credentials
The skill requests no environment variables or credentials. The scripts contain regexes that recognize secret patterns (OpenAI keys, AWS keys, etc.) for detection purposes — this is appropriate to a leak scanner and does not imply the skill needs or exfiltrates secrets.
Persistence & Privilege
always is false and the skill is user-invocable. It does not modify other skills or system-wide config. Autonomous invocation is allowed (platform default) but is not combined with broad credential requests here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install public-surface-review
  3. After installation, invoke the skill by name or use /public-surface-review
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
Align installed skill identity with the public ClawHub slug and update install metadata.
v1.0.3
Harden release surface and refresh skill metadata.
v1.0.2
Align repo and packaged skill licenses to MIT-0.
v1.0.1
Declare MIT license metadata to match the repo license.
v1.0.0
Initial public release.
Metadata
Slug public-surface-review
Version 1.0.4
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 5
Frequently Asked Questions

What is Publish Guard?

Publish Guard is a public ClawHub pre-release audit skill. Use it when the user says "publish guard", "release audit", "pre-release check", or wants to revie... It is an AI Agent Skill for Claude Code / OpenClaw, with 183 downloads so far.

How do I install Publish Guard?

Run "/install public-surface-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Publish Guard free?

Yes, Publish Guard is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Publish Guard support?

Publish Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Publish Guard?

It is built and maintained by Zakhar Pashkin (@zack-dev-cm); the current version is v1.0.4.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments