← Back to Skills Marketplace
daowuu

Clawhub Release Auditor

by wuu Dao · GitHub ↗ · v0.2.1 · MIT-0
cross-platform ✓ Security Clean
154
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install clawhub-release-auditor
Description
Validate, package, and verify ClawHub skills before and after publishing. Use when creating or updating a ClawHub skill, preparing a release, diagnosing repe...
README (SKILL.md)

ClawHub Release Auditor

Run a strict preflight before any publish. Prefer stopping with a precise explanation over guessing. Treat repeated versions as a signal that the workflow needs diagnosis, not just another upload.

Workflow

  1. Preflight

    • Run python3 scripts/preflight.py \x3Cskill-dir>.
    • Fix all hard errors before continuing.
    • Read warnings carefully; they often explain why a skill ends up suspicious.

  2. Package locally

    • Run python3 ~/project/openclaw/skills/skill-creator/scripts/package_skill.py \x3Cskill-dir> [output-dir].
    • If packaging fails, stop and explain the exact validation error.

  3. Confirm before publish

    • Show the skill path, intended version, and any remaining warnings.
    • Do not publish without explicit user confirmation.

  4. Publish

    • Publish from the skill folder, not the .skill archive.
    • After publish, record the exact version that was attempted.

  5. Verify post-publish state

    • Run python3 scripts/verify_publish.py \x3Cskill-slug> --expected-version \x3Cversion>.
    • If latest/version visibility is inconsistent, say so clearly.
    • If scan results matter, check the web page separately and explain whether the issue is pending, version mismatch, or a likely metadata/code mismatch.

What to check during preflight

  • Frontmatter only uses supported keys.
  • name and description are present and sane.
  • Placeholder text is not leaking into examples.
  • Declared metadata.openclaw.requires roughly matches real script usage.
  • Homepage/source metadata exists when possible.
  • Publish path points to the skill directory, not the packaged archive.
  • Local package validation passes before any publish attempt.

Common failure patterns

Frontmatter mismatch

If validation complains about unsupported keys, trust the validator. Do not invent alternate formats from memory.

Metadata drift

If scripts use env vars or binaries that the skill does not declare, expect suspicious scan results. Fix the declaration or the code.

Placeholder leakage

If docs contain example paths like /path/to/..., make sure they are clearly examples and not presented as real files.

Repeated publish loops

If many versions are being published quickly, pause and diagnose:

  • Did packaging actually succeed?
  • Did latest move?
  • Is scan still reading an older version?
  • Is the same metadata mismatch still present?

Scripts

scripts/preflight.py

Checks a skill directory for:

  • frontmatter problems
  • placeholder text
  • likely undeclared env vars and binaries
  • external execution hints
  • package validation failures
  • a simple verdict: do-not-publish, review-before-publish, or ready-to-package

scripts/verify_publish.py

Checks published version state with clawhub inspect and compares it to an expected version.

scripts/analyze_history.py

Inspects recent version history for a public skill and groups releases into rough categories such as docs, metadata, bugfix, and feature work. Use it to study repeated publish loops and sharpen the skill's heuristics.

scripts/failure_buckets.py

Classifies likely publish problems into practical buckets such as frontmatter-invalid, package-validation-failed, latest-not-updated, or no-hard-failure-detected.

scripts/release_worthiness.py

Compares a local skill directory against the latest published version and flags when there is no material diff. Use it to avoid unnecessary republish loops.

Publishing tips

SKILL.md body must have substantial content

ClawHub checks for "Skill content is too thin or templated." This evaluates the SKILL.md body text (markdown below frontmatter), not just the description field.

Why this matters:

  • The description field is only used for UI/search summaries
  • The SKILL.md body is what gets embedded and evaluated for the thin-content check
  • If SKILL.md has only frontmatter and no body text, it will fail even with a perfect description

How to avoid:

  • Always include substantive body content in SKILL.md (at least 300-500 words of meaningful guidance)
  • Include real workflow guidance, usage examples, and operational notes in the body
  • The more comprehensive the SKILL.md body, the less likely it triggers "templated" detection

Other common pitfalls

  • homepage field: Include a valid URL to avoid warnings
  • Empty directories: Remove any empty scripts/, references/, or other directories before packaging
  • Symlinks: These are rejected by the packager and cause failures

References

  • Read references/checklist.md for the release checklist.
  • Read references/research-notes.md when designing heuristics for repeated publish loops and common failure modes.
  • If the skill format or server behavior is unclear, read the official ClawHub skill format docs before guessing. Prefer current docs plus validator output over old habits.
Usage Guidance
This skill appears to implement exactly what it claims: local preflight checks, packaging validation, and post-publish verification via the 'clawhub' CLI. Before installing or running it, note a few practical cautions: (1) The scripts invoke your local packaging script at ~/project/openclaw/skills/skill-creator/scripts/package_skill.py — that path is an environment assumption and may not exist on your machine; verify or adjust the path before running. (2) The tools will run subprocesses (clawhub inspect, package_skill), which will interact with the network and run whatever logic those CLIs/scripts perform — review package_skill.py and ensure you trust it in your environment. (3) The preflight scanner reads files under the skill dir to detect undeclared env vars and binaries; it does not exfiltrate data, but it will report what it finds. If you want extra caution, run the scripts in a restricted or sandboxed environment and inspect the included Python files (they are short and readable) before use.
Capability Analysis
Type: OpenClaw Skill Name: clawhub-release-auditor Version: 0.2.1 The skill bundle is a developer utility designed to audit, package, and verify OpenClaw skills before publication. The Python scripts (preflight.py, verify_publish.py, etc.) function as wrappers for the 'clawhub' CLI and perform static analysis on local skill directories to prevent common metadata errors. While the scripts utilize subprocess.run to execute system commands and external scripts, this behavior is consistent with the stated purpose of a release auditor, and the SKILL.md instructions explicitly mandate user confirmation before any publishing action occurs.
Capability Assessment
Purpose & Capability
Name/description match the included scripts and SKILL.md: the scripts implement preflight checks, packaging/verify helpers, history analysis, and release-diff checks. Required binaries (clawhub, openclaw) are reasonable for these operations.
Instruction Scope
SKILL.md instructs running included scripts that read a local skill directory, run packaging validation, and call 'clawhub inspect' for remote verification — all in-scope for a publishing auditor. The scripts scan source files for undeclared env vars/binaries but do not exfiltrate secrets or make unexpected external network calls beyond the expected 'clawhub' CLI usage.
Install Mechanism
No install spec is provided (instruction-only with bundled scripts). No downloads or archive extraction are performed by the skill itself. Scripts are shipped with the skill and executed locally.
Credentials
The skill declares no environment variables and requests no credentials. The code inspects source files to detect env usage but does not itself read or require secrets. No unrelated credentials are requested.
Persistence & Privilege
always:false and normal autonomous invocation settings. The skill does not request permanent presence, does not modify other skills, and does not change system-wide agent configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawhub-release-auditor
  3. After installation, invoke the skill by name or use /clawhub-release-auditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.1
Add publishing tips: SKILL.md body must have substantive content to avoid 'too thin or templated' error.
v0.2.0
Improve review-before-publish guidance: add resolution steps and explicit re-run instruction.
v0.1.1
Add prePublishChecks declaration to SKILL.md metadata, making audit-before-publish a skill-level contract rather than optional advice.
v0.1.0
Initial release of ClawHub Release Auditor. - Validates, packages, and verifies ClawHub skills before and after publishing. - Offers strict preflight checks to catch errors before publish. - Provides clear workflow steps: preflight, package, confirm, publish, and post-publish verify. - Includes scripts for analyzing history, diagnosing common failures, and ensuring release worthiness. - Emphasizes clear error reporting and actionable feedback to reduce repeated publish failures.
Metadata
Slug clawhub-release-auditor
Version 0.2.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Clawhub Release Auditor?

Validate, package, and verify ClawHub skills before and after publishing. Use when creating or updating a ClawHub skill, preparing a release, diagnosing repe... It is an AI Agent Skill for Claude Code / OpenClaw, with 154 downloads so far.

How do I install Clawhub Release Auditor?

Run "/install clawhub-release-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Clawhub Release Auditor free?

Yes, Clawhub Release Auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Clawhub Release Auditor support?

Clawhub Release Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Clawhub Release Auditor?

It is built and maintained by wuu Dao (@daowuu); the current version is v0.2.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments