ClawHub
Skill flagged — review recommended

ClawHub Security found sensitive or high-impact capabilities. Review the scan results before using.

Release Guard

v1.0.0

Guard skill releases with pre-publish validation, quality checks, and safety gates. Use before publishing any skill to ensure it meets minimum standards, pas...

0· 262· 1 versions· 0 current· 0 all-time· Updated 19h ago· MIT-0
byhaidong@harrylabsj

Security Scans

VirusTotalReviewClawScanReviewStatic analysisBenign

Install

openclaw skills install release-guard

Release Guard

Overview

Release Guard is a quality assurance skill that validates skills before they are published or shared. It runs a comprehensive checklist of validations to catch common issues and ensure skills meet minimum standards.

The release-guard skill ensures that skill releases meet quality and safety standards. It runs pre-release validation checks including security scans, dependency audits, documentation completeness, and compatibility verification.

When to Use

  • Before publishing any skill to ClawHub
  • When preparing a new version release
  • During CI/CD release pipelines
  • When the user asks to "检查" or "验证" a release
  • Before creating GitHub releases

Prerequisites

  • Node.js 18+ for script execution
  • Optional: security-auditor for detailed security scans

Usage

CLI Commands

# Run all release checks
./scripts/release-check.sh <skill-directory>

# Run with auto-fix mode
./scripts/release-check.sh <skill-directory> --fix

# Quick validation (current directory)
./scripts/release-check.sh .

Check Levels

LevelDescriptionFailure Action
criticalRequired for releaseBlocks release
standardBest practiceWarning
optionalEnhancementSuggestion

Validation Rules

Version Format

  • Must follow semver (e.g., 1.0.0, 1.2.3-beta.1)
  • Version must increment from previous release

Documentation Requirements

  • README.md must exist
  • SKILL.md must exist
  • No Chinese characters in documentation
  • All headings properly capitalized

Security Checks

  • No hardcoded secrets
  • No vulnerable dependencies
  • Safe file permissions (644 for files, 755 for executables)

Output

The tool produces a JSON report:

{
  "skill": "example-skill",
  "version": "1.2.0",
  "timestamp": "2024-03-12T09:00:00Z",
  "checks": {
    "security": { "status": "pass", "issues": 0 },
    "docs": { "status": "pass", "issues": 0 },
    "version": { "status": "pass", "issues": 0 },
    "deps": { "status": "pass", "issues": 0 }
  },
  "overall": "pass",
  "warnings": [],
  "errors": []
}

Exit Codes

  • 0 - All checks passed
  • 1 - One or more checks failed
  • 2 - Invalid arguments or skill not found

Limitations

  • Does not execute skill code (use testing framework for that)
  • Cannot verify runtime behavior
  • Does not check external API availability

Related Skills

Version tags

latestvk97d8ak4fekv4my4padmmw5c8h82va8d