← Back to Skills Marketplace
glucksberg

Pr Ship

by Glucksberg · GitHub ↗ · v1.0.13
cross-platform ⚠ suspicious
861
Downloads
0
Stars
2
Active Installs
20
Versions
Install in OpenClaw
/install pr-ship
Description
Pre-ship risk report for OpenClaw PRs. Dynamically explores the codebase to assess module risk, blast radius, and version-specific gotchas. Scores each findi...
Usage Guidance
What to check before installing or running this skill: - Review scripts/test-update-pipeline.sh line-by-line. It contains hardcoded paths (/home/dev/.openclaw/skills/pr-ship, $HOME/.openclaw/cron/jobs.json) and will read local cron config and git metadata — ensure those checks are acceptable for your environment. - The SKILL.md and playbook assume many command-line tools (git, grep, sed, node, jq, python3, pnpm, clawhub). The skill does not declare these; make sure your environment provides them and consider running in a sandbox or a dedicated dev container. - The skill's update flow (clawhub update, cron-driven CURRENT-CONTEXT.md refresh) will perform network git operations (git fetch upstream). Confirm the remote origins are trustworthy and that no credentials will be accidentally exposed or used for unintended pushes. - If you plan to enable automated updates (cron/clawhub), run the update script manually first in a safe environment and verify it does not perform unexpected writes or network pushes (the test script explicitly warns cron should not run git push or clawhub publish automatically). - The skill is coherent with its stated purpose, but because it touches system files and assumes an update pipeline, treat it as potentially impactful: run reviews locally, verify remote provenance (the package.json points to a GitHub repo), and avoid enabling automatic cron updates until you confirm the workflow and remotes. If you want, I can extract the specific lines from the script that read host paths and network operations, or produce a short checklist of commands to run locally to validate behavior safely.
Capability Analysis
Type: OpenClaw Skill Name: pr-ship Version: 1.0.13 The skill is designed for local codebase analysis using explicitly read-only commands (`grep`, `find`, `ls`, `git diff`). The `SKILL.md` and `EXPLORATION-PLAYBOOK.md` contain strong guardrails, explicitly instructing the AI agent *not* to execute commands that modify files or perform build/test actions, but only to recommend them to the user. The `scripts/test-update-pipeline.sh` script, while using more powerful commands, is for testing the skill's update mechanism and includes checks that *prevent* automated `git push` or `clawhub publish` in the cron job. A 'Security Notice' in `SKILL.md` warns users about potential secret exposure in generated reports, which is a transparency measure, not an instruction for malicious exfiltration. No evidence of intentional harmful behavior (e.g., data exfiltration, persistence, unauthorized remote control) was found.
Capability Assessment
Purpose & Capability
The skill's name, README and SKILL.md describe exactly the claimed capability (diff current branch vs main, run grep/find/git-based investigations, produce a risk report) and the included reference docs support that. However, package metadata and the provided test/update script expect additional host tooling (node, jq, python3, git) and specific local paths (/home/dev/.openclaw/..., $HOME/.openclaw/cron/jobs.json). Those tool/path assumptions are not declared in the skill's requirements, which is an incoherence to be aware of.
Instruction Scope
Most runtime instructions stay inside the OpenClaw repository (git diff, grep, find, reading references/). That matches the stated constraint 'for the OpenClaw repository only'. But the included scripts (scripts/test-update-pipeline.sh) also read and validate files outside the repo (cron jobs JSON in $HOME, /home/dev openclaw paths), check git remote URLs and fetch upstream — which extends scope beyond the repo and may perform network operations. The SKILL.md itself doesn't clearly warn that auxiliary scripts touch system configuration and expect cron update behavior.
Install Mechanism
No install specification (instruction-only) — lowest install risk. The only shipped executable artifact is a bash script intended for the update/validation pipeline; nothing is downloaded or extracted at install time. Still, that script is designed to be run by a host environment (cron) and performs read/write checks on host paths.
Credentials
The skill declares no required env vars or primary credentials, which fits a repo-local reviewer tool. In practice it implicitly requires several host tools (git, grep/sed, node, jq, python3, pnpm, clawhub) and may attempt network git operations (git fetch upstream). If the user's OpenClaw checkout or upstream remotes are private, git network actions could require credentials. The skill does not declare these binary/credential expectations.
Persistence & Privilege
always:false (good). However, the repo includes a script and textual guidance for a cron/update pipeline that modifies references/CURRENT-CONTEXT.md and expects periodic 'clawhub update' and local cron job orchestration. That design implies an intended persistent update mechanism (daily metadata refresh) which will write files on disk and run git operations — a non-trivial system interaction beyond one-off repo analysis. The skill itself does not require always:true, but the presence of scripts that assume cron/updater privileges elevates the surface to review carefully before enabling automated runs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install pr-ship
  3. After installation, invoke the skill by name or use /pr-ship
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.13
Auto-updated: 2026.3.3 additional fixes (auth labels, Discord mega-wave, exec heartbeat routing, compaction continuity, session startup date grounding)
v1.0.10
- Updated package version to 1.0.10. - Refreshed references/CURRENT-CONTEXT.md with latest OpenClaw version context. - No changes to core workflow or feature set.
v1.0.7
Fix metadata mismatch, remove auto-publish, add user verification commands
v1.0.6
test
v1.0.5
Provenance metadata, GitHub source repo, homepage, security notice
v1.0.4
Updated CURRENT-CONTEXT for upstream sync
v1.1.0
Add VISION-GUIDELINES.md reference layer: contribution policy, merge guardrails, plugin/core boundary, security philosophy, will-not-merge list from OpenClaw VISION.md. Updated SKILL.md workflow to evaluate PRs against vision guidelines.
v1.0.3
Auto-update: CURRENT-CONTEXT.md refreshed from CHANGELOG v2026.2.26
v1.0.2
CURRENT-CONTEXT updated for OpenClaw v2026.2.26 (External Secrets, Security Hardening, ACP Thread-bound agents, Routing CLI)
v1.0.1
Auto-update: CURRENT-CONTEXT.md refreshed from CHANGELOG v2026.2.25
v1.0.9
Auto-update: CURRENT-CONTEXT.md refreshed from CHANGELOG v2026.2.22
v2.0.3
Consistency pass: remove generic fallback logic (skill is OpenClaw-only), simplify workflow to always diff against main, clarify scope and constraints
v2.0.2
Fix: clarify exploration commands are read-only. Build/test/codegen commands are recommended to the user, never executed by the agent. Resolves suspicious classification from code insights.
v2.0.1
Add update frequency notice to description and overview
v2.0.0
v2.0: Dynamic exploration + layered architecture. Replaces monolithic DEVELOPER-REFERENCE.md with 4 layers: STABLE-PRINCIPLES, ARCHITECTURE-MAP, CURRENT-CONTEXT (auto-updated), EXPLORATION-PLAYBOOK.
v0.3.0
Add 🟢 Low Risk severity level (1-2) for minor observations safe to ship. Three-tier scale: 🟢 low / 🟡 attention / 🔴 high.
v0.2.2
Add credit to mudrii (https://github.com/mudrii) for DEVELOPER-REFERENCE.md methodology
v0.2.1
Clarify scope: OpenClaw-specific skill using OpenClaw DEVELOPER-REFERENCE.md guidelines
v0.2.0
Rewritten description for clarity and truncation-friendliness
v0.1.0
Initial release: diff-vs-main PR shipping report with guideline-based findings and per-item alert scoring.
Metadata
Slug pr-ship
Version 1.0.13
License
All-time Installs 3
Active Installs 2
Total Versions 20
Frequently Asked Questions

What is Pr Ship?

Pre-ship risk report for OpenClaw PRs. Dynamically explores the codebase to assess module risk, blast radius, and version-specific gotchas. Scores each findi... It is an AI Agent Skill for Claude Code / OpenClaw, with 861 downloads so far.

How do I install Pr Ship?

Run "/install pr-ship" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Pr Ship free?

Yes, Pr Ship is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Pr Ship support?

Pr Ship is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Pr Ship?

It is built and maintained by Glucksberg (@glucksberg); the current version is v1.0.13.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments