Marila Skill Publish

Pass. Audited by ClawScan on May 1, 2026.

Overview

This is a coherent publishing guide, but it uses authenticated GitHub/ClawHub actions and an optional agent-workspace write that should be run deliberately.

Use this skill only when you intend to publish a skill. Before running its commands, verify the repository, account, branch, slug, version, changelog, and git diff; avoid blindly using `git add -A`; and only copy files into the OpenClaw workspace in a trusted environment.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run against the wrong repository, branch, slug, or version, the user could publish unintended content or account changes.

Why it was flagged

These commands are central to the stated release workflow, but they can commit local files, push to GitHub, create a release, and publish a skill version.

Skill content

`git add -A && git commit && git push` ... `gh release create` ... `clawhub publish <路径>`

Recommendation

Before running the release commands, verify git status/diff, target repository, GitHub account, ClawHub account, slug, version, and changelog.

What this means

A mistaken or over-permissioned login could publish to the wrong account or repository.

Why it was flagged

The workflow depends on authenticated GitHub and ClawHub sessions, so the commands act with the user's account permissions.

Skill content

- ClawHub account (logged in)
- GitHub account (used for push and GitHub Release)

Recommendation

Run `gh auth status`, `clawhub whoami`, and `git remote -v` before publishing, and use least-privileged accounts where possible.

What this means

Executing this command can overwrite or change the agent's installed skill behavior.

Why it was flagged

Copying a skill file into the OpenClaw workspace can persistently change what the local agent uses; the artifact does warn this should be explicit and trusted.

Skill content

`cp <技能目录>/SKILL.md ~/.openclaw/workspace/skills/技能名/SKILL.md` ... "Should only be run explicitly, in a trusted environment"

Recommendation

Only copy into the agent workspace after reviewing the file contents and confirming the target path in a trusted local environment.

What this means

Users may inspect the wrong repository when trying to verify the skill's source or release history.

Why it was flagged

The listed homepage points to a different project name than this skill and differs from the package repository, creating a provenance mismatch users should notice.

Skill content

Homepage: https://github.com/aliramw/dingtalk-ai-table

Recommendation

Confirm the intended source repository before relying on the instructions, especially before publishing with authenticated accounts.