← 返回 Skills 市场

Clawhub Release Auditor

Name: Clawhub Release Auditor
Author: daowuu

作者 wuu Dao · GitHub ↗ · v0.2.1 · MIT-0

cross-platform ✓ 安全检测通过

154

总下载

当前安装

版本数

在 OpenClaw 中安装

/install clawhub-release-auditor

功能描述

Validate, package, and verify ClawHub skills before and after publishing. Use when creating or updating a ClawHub skill, preparing a release, diagnosing repe...

使用说明 (SKILL.md)

ClawHub Release Auditor

Run a strict preflight before any publish. Prefer stopping with a precise explanation over guessing. Treat repeated versions as a signal that the workflow needs diagnosis, not just another upload.

Workflow

Preflight
- Run python3 scripts/preflight.py \x3Cskill-dir>.
- Fix all hard errors before continuing.
- Read warnings carefully; they often explain why a skill ends up suspicious.
Package locally
- Run python3 ~/project/openclaw/skills/skill-creator/scripts/package_skill.py \x3Cskill-dir> [output-dir].
- If packaging fails, stop and explain the exact validation error.
Confirm before publish
- Show the skill path, intended version, and any remaining warnings.
- Do not publish without explicit user confirmation.
Publish
- Publish from the skill folder, not the .skill archive.
- After publish, record the exact version that was attempted.
Verify post-publish state
- Run python3 scripts/verify_publish.py \x3Cskill-slug> --expected-version \x3Cversion>.
- If latest/version visibility is inconsistent, say so clearly.
- If scan results matter, check the web page separately and explain whether the issue is pending, version mismatch, or a likely metadata/code mismatch.

What to check during preflight

Frontmatter only uses supported keys.
name and description are present and sane.
Placeholder text is not leaking into examples.
Declared metadata.openclaw.requires roughly matches real script usage.
Homepage/source metadata exists when possible.
Publish path points to the skill directory, not the packaged archive.
Local package validation passes before any publish attempt.

Common failure patterns

Frontmatter mismatch

If validation complains about unsupported keys, trust the validator. Do not invent alternate formats from memory.

Metadata drift

If scripts use env vars or binaries that the skill does not declare, expect suspicious scan results. Fix the declaration or the code.

Placeholder leakage

If docs contain example paths like /path/to/..., make sure they are clearly examples and not presented as real files.

Repeated publish loops

If many versions are being published quickly, pause and diagnose:

Did packaging actually succeed?
Did latest move?
Is scan still reading an older version?
Is the same metadata mismatch still present?

Scripts

`scripts/preflight.py`

Checks a skill directory for:

frontmatter problems
placeholder text
likely undeclared env vars and binaries
external execution hints
package validation failures
a simple verdict: do-not-publish, review-before-publish, or ready-to-package

`scripts/verify_publish.py`

Checks published version state with clawhub inspect and compares it to an expected version.

`scripts/analyze_history.py`

Inspects recent version history for a public skill and groups releases into rough categories such as docs, metadata, bugfix, and feature work. Use it to study repeated publish loops and sharpen the skill's heuristics.

`scripts/failure_buckets.py`

Classifies likely publish problems into practical buckets such as frontmatter-invalid, package-validation-failed, latest-not-updated, or no-hard-failure-detected.

`scripts/release_worthiness.py`

Compares a local skill directory against the latest published version and flags when there is no material diff. Use it to avoid unnecessary republish loops.

Publishing tips

SKILL.md body must have substantial content

ClawHub checks for "Skill content is too thin or templated." This evaluates the SKILL.md body text (markdown below frontmatter), not just the description field.

Why this matters:

The description field is only used for UI/search summaries
The SKILL.md body is what gets embedded and evaluated for the thin-content check
If SKILL.md has only frontmatter and no body text, it will fail even with a perfect description

How to avoid:

Always include substantive body content in SKILL.md (at least 300-500 words of meaningful guidance)
Include real workflow guidance, usage examples, and operational notes in the body
The more comprehensive the SKILL.md body, the less likely it triggers "templated" detection

Other common pitfalls

homepage field: Include a valid URL to avoid warnings
Empty directories: Remove any empty scripts/, references/, or other directories before packaging
Symlinks: These are rejected by the packager and cause failures

References

Read references/checklist.md for the release checklist.
Read references/research-notes.md when designing heuristics for repeated publish loops and common failure modes.
If the skill format or server behavior is unclear, read the official ClawHub skill format docs before guessing. Prefer current docs plus validator output over old habits.

安全使用建议

This skill appears to implement exactly what it claims: local preflight checks, packaging validation, and post-publish verification via the 'clawhub' CLI. Before installing or running it, note a few practical cautions: (1) The scripts invoke your local packaging script at ~/project/openclaw/skills/skill-creator/scripts/package_skill.py — that path is an environment assumption and may not exist on your machine; verify or adjust the path before running. (2) The tools will run subprocesses (clawhub inspect, package_skill), which will interact with the network and run whatever logic those CLIs/scripts perform — review package_skill.py and ensure you trust it in your environment. (3) The preflight scanner reads files under the skill dir to detect undeclared env vars and binaries; it does not exfiltrate data, but it will report what it finds. If you want extra caution, run the scripts in a restricted or sandboxed environment and inspect the included Python files (they are short and readable) before use.

功能分析

Type: OpenClaw Skill Name: clawhub-release-auditor Version: 0.2.1 The skill bundle is a developer utility designed to audit, package, and verify OpenClaw skills before publication. The Python scripts (preflight.py, verify_publish.py, etc.) function as wrappers for the 'clawhub' CLI and perform static analysis on local skill directories to prevent common metadata errors. While the scripts utilize subprocess.run to execute system commands and external scripts, this behavior is consistent with the stated purpose of a release auditor, and the SKILL.md instructions explicitly mandate user confirmation before any publishing action occurs.

能力评估

✓ Purpose & Capability

Name/description match the included scripts and SKILL.md: the scripts implement preflight checks, packaging/verify helpers, history analysis, and release-diff checks. Required binaries (clawhub, openclaw) are reasonable for these operations.

✓ Instruction Scope

SKILL.md instructs running included scripts that read a local skill directory, run packaging validation, and call 'clawhub inspect' for remote verification — all in-scope for a publishing auditor. The scripts scan source files for undeclared env vars/binaries but do not exfiltrate secrets or make unexpected external network calls beyond the expected 'clawhub' CLI usage.

✓ Install Mechanism

No install spec is provided (instruction-only with bundled scripts). No downloads or archive extraction are performed by the skill itself. Scripts are shipped with the skill and executed locally.

✓ Credentials

The skill declares no environment variables and requests no credentials. The code inspects source files to detect env usage but does not itself read or require secrets. No unrelated credentials are requested.

✓ Persistence & Privilege

always:false and normal autonomous invocation settings. The skill does not request permanent presence, does not modify other skills, and does not change system-wide agent configuration.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install clawhub-release-auditor
安装完成后，直接呼叫该 Skill 的名称或使用 /clawhub-release-auditor 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.2.1

Add publishing tips: SKILL.md body must have substantive content to avoid 'too thin or templated' error.

v0.2.0

Improve review-before-publish guidance: add resolution steps and explicit re-run instruction.

v0.1.1

Add prePublishChecks declaration to SKILL.md metadata, making audit-before-publish a skill-level contract rather than optional advice.

v0.1.0

Initial release of ClawHub Release Auditor. - Validates, packages, and verifies ClawHub skills before and after publishing. - Offers strict preflight checks to catch errors before publish. - Provides clear workflow steps: preflight, package, confirm, publish, and post-publish verify. - Includes scripts for analyzing history, diagnosing common failures, and ensuring release worthiness. - Emphasizes clear error reporting and actionable feedback to reduce repeated publish failures.

元数据

Slug clawhub-release-auditor

版本 0.2.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题