OpenClaw CWS Publisher
v0.2.1
Package a Chrome extension, scan tracked files for public-surface leaks, and render GitHub or ClawHub release metadata with explicit tags.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the bundled scripts: packaging (build_extension_zip.py), leak scanning (scan_publish_surface.py), launch manifest generation (generate_launch_manifest.py), and rendering publish commands (render_publish_commands.py). Required binaries (python3, git, gh, clawhub) are appropriate for the described tasks.
Instruction Scope
SKILL.md instructs the agent to run the bundled scripts against a user-specified repo path, which is consistent with the goal. The scan reads tracked files (via git ls-files) and scans text-ish files for token-like patterns; it will fall back to scanning all files under the root if git listing fails, which can broaden scope if the user provides an incorrect root. The scripts read repo files and .git remotes and write JSON/MD outputs; they do not send findings to external endpoints. The leak scan will include excerpts of matching lines in outputs, so generated artifacts may contain sensitive snippets.
Install Mechanism
No install spec is provided (instruction-only with bundled Python scripts). This is low-risk compared with remote binary downloads. All code is present in the bundle; nothing is fetched from arbitrary URLs during install.
Credentials
The skill declares no required environment variables. It optionally reads CWS_PUBLIC_SITE_BASE if set (used only to construct reviewer-facing URLs). It does not request tokens/keys. Caveat: the leak scanner recognizes token-shaped patterns (e.g., ghp_, sk_) and will surface matches in output files—these outputs should be treated as potentially sensitive.
Persistence & Privilege
The skill is not force-included (always:false) and does not modify other skills or system-wide settings. It can be invoked by the agent (normal) but does not request elevated persistence or privileges.
Assessment
This skill appears to do what it says: run its bundled Python scripts on a repo to create a ZIP, scan for obvious leaks, build a launch manifest, and render publish commands. Before running: (1) confirm you point the skill at the correct repo root — if git listing fails the scanner will search every file under the root; (2) be aware the leak scan will write JSON/MD outputs that include excerpts of any matching lines (these may reveal secrets like tokens or client IDs), so do not publish those artifacts; (3) the generated publish commands include gh and npx/clawhub calls which may require you to be authenticated with the GitHub CLI and will perform network operations when executed; and (4) the ClawHub section in the generated commands uses a path (cd skill/openclaw-cws-publisher) that may need adjustment for your repo layout. If you need the skill to run autonomously, review how your agent displays or transmits the scan outputs to avoid accidental disclosure.
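To make the two caveats above concrete, here is an added example (not the skill's own scan_publish_surface.py) of a publish-surface scanner in the shape the report describes: it prefers git ls-files, falls back to walking the whole root and flags that it did so, and, unlike the behaviour the report warns about, redacts each matching token before storing the excerpt so the JSON artifact is safe to share. The pattern lengths and the output field names are assumptions made for this example.

```python
import re
import subprocess
from pathlib import Path

# Token-shaped patterns; ghp_ and sk_ are the prefixes the report names (lengths assumed).
PATTERNS = {
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{20,}"),
    "secret-key": re.compile(r"\bsk_[A-Za-z0-9_]{16,}"),
}

def candidate_files(root: Path) -> tuple[list[Path], bool]:
    """Return (files, used_fallback). Prefer `git ls-files`; if that fails
    (not a repo, git missing) walk everything under root, which is exactly
    the broadening the report warns about, and flag it for the reviewer."""
    try:
        out = subprocess.run(["git", "-C", str(root), "ls-files", "-z"],
                             capture_output=True, check=True)
        names = [n for n in out.stdout.decode("utf-8", "replace").split("\0") if n]
        return [root / n for n in names if (root / n).is_file()], False
    except (OSError, subprocess.CalledProcessError):
        return [p for p in root.rglob("*") if p.is_file()], True

def redact(token: str) -> str:
    """Keep the prefix and the last two characters: enough to locate the
    finding, not enough for the artifact itself to hold a usable secret."""
    prefix = token.split("_", 1)[0] + "_"
    return prefix + "*" * (len(token) - len(prefix) - 2) + token[-2:]

def scan_text(path: str, text: str) -> list[dict]:
    """Scan one file's content; excerpts are redacted before being stored."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                excerpt = line.replace(m.group(0), redact(m.group(0)))
                findings.append({"path": path, "line": lineno,
                                 "kind": kind, "excerpt": excerpt.strip()})
    return findings

def scan_root(root: Path) -> dict:
    """Scan text-ish files (no NUL in the first KiB) and return a JSON-ready report."""
    files, fallback = candidate_files(root)
    findings = []
    for p in files:
        data = p.read_bytes()
        if b"\0" not in data[:1024]:
            findings += scan_text(str(p.relative_to(root)),
                                  data.decode("utf-8", "replace"))
    return {"root": str(root), "scanned_all_files": fallback, "findings": findings}
```

A reviewer reading the report should treat `scanned_all_files: true` as a signal that the root was probably wrong, since untracked build output and local config were then included.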
Runtime requirements
Any bin: python3, git, gh, clawhub
Tags: browser-automation, chrome-extension, chrome-web-store, latest, openclaw, privacy, release-automation
OpenClaw CWS Publisher
Goal
Prepare a Chrome extension repo for release with less metadata drift:
- package the extension
- scan tracked files for obvious leak risks
- generate GitHub metadata
- generate optional ClawHub metadata and explicit tags
- render reproducible publish commands
Use This Skill When
- the user wants a Chrome extension repo prepared for GitHub release
- the user wants ClawHub tags and GitHub topics kept in sync
- the user wants a leakage check before public release
- the user already has a specific repo path to release
Operating Order
- Build the extension ZIP.
python3 {baseDir}/scripts/build_extension_zip.py --extension-dir <repo>/extension --out <zip>
- Scan tracked files for obvious publish leaks.
python3 {baseDir}/scripts/scan_publish_surface.py --root <repo> --json-out <json> --markdown-out <md>
- Generate launch metadata.
python3 {baseDir}/scripts/generate_launch_manifest.py --repo-root <repo> --owner <github-owner> --public-site-base <https://public-site.example/> --out <json>
- If you already export CWS_PUBLIC_SITE_BASE, you can omit --public-site-base and the script will reuse that public reviewer-facing base.
- Render publish commands.
python3 {baseDir}/scripts/render_publish_commands.py --manifest <json> --out <md>
Rules
- Operate on the repo path the user named, not on arbitrary sibling directories.
- Do not publish when the leak scan has unresolved findings.
- Keep GitHub topics and ClawHub tags explicit in the generated manifest.
- Use a dedicated public site base for support, privacy-policy, and reviewer-instructions links when the extension has one.
- Do not assume generated artifacts should be committed.
Bundled Scripts
- scripts/build_extension_zip.py
- scripts/scan_publish_surface.py
- scripts/generate_launch_manifest.py
- scripts/render_publish_commands.py
