Clawsec claw-release
Release automation for Claw skills and website. Guides through version bumping, tagging, and release verification.
install
source · Clone the upstream repo
git clone https://github.com/prompt-security/clawsec
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/prompt-security/clawsec "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/claw-release" ~/.claude/skills/prompt-security-clawsec-claw-release && rm -rf "$T"
manifest:
skills/claw-release/SKILL.mdsource content
Claw Release
Internal tool for releasing skills and managing the ClawSec catalog.
An internal tool by Prompt Security
Operational Notes
- Internal maintainer workflow only.
- Required runtime:
,bash
,git
,jqgh - Required credentials: authenticated GitHub CLI with permission to create releases
- Side effects: creates commits, tags, pushes to remote, and publishes GitHub Releases
- Trust model: run only from a trusted checkout with a clean working tree and maintainer approval
Quick Reference
| Release Type | Command | Tag Format |
|---|---|---|
| Skill release | | |
| Pre-release | | |
Release Workflow
Step 1: Determine Version Type
Ask what changed:
- Bug fixes only → Patch (1.0.0 → 1.0.1)
- New features, backward compatible → Minor (1.0.0 → 1.1.0)
- Breaking changes → Major (1.0.0 → 2.0.0)
- Testing/unstable → Pre-release (1.0.0-beta1, 1.0.0-rc1)
Step 2: Pre-flight Checks
# Check for uncommitted changes git status # Verify skill directory exists ls skills/<skill-name>/skill.json # Get current version jq -r '.version' skills/<skill-name>/skill.json
Step 3: Run Release Script
./scripts/release-skill.sh <skill-name> <new-version>
The script will:
- Validate version format (semver)
- Check tag doesn't already exist
- Update skill.json version
- Update SKILL.md frontmatter version (if file exists)
- Update hardcoded version URLs (feed_url)
- Commit changes
- Create annotated git tag
Step 4: Push Release
git push && git push origin <skill-name>-v<version>
Step 5: Verify Release
After pushing, the CI/CD pipeline will:
- Validate skill exists
- Verify version matches skill.json
- Verify version matches SKILL.md frontmatter (if exists)
- Generate checksums from SBOM
- Create .skill package (ZIP)
- Create GitHub Release
- Trigger website rebuild (for non-internal skills)
Verify at:
- GitHub Releases:
https://github.com/prompt-security/clawsec/releases/tag/<skill-name>-v<version> - GitHub Actions: Check workflow run status
Undo a Release (Before Push)
If you need to undo before pushing:
git tag -d <skill-name>-v<version> git reset --soft HEAD~1
git reset --softPre-release Versions
For beta, alpha, or release candidates:
./scripts/release-skill.sh <skill-name> 1.2.0-beta1 ./scripts/release-skill.sh <skill-name> 1.2.0-alpha1 ./scripts/release-skill.sh <skill-name> 1.2.0-rc1
Pre-releases are automatically marked in GitHub Releases.
Common Issues
| Error | Solution |
|---|---|
| Choose a different version number |
| Ensure you used the release script (not manual tagging) |
| Ensure you used the release script which updates both skill.json and SKILL.md |
| Commit or stash first: |
| Verify skill directory path is correct |
Internal Skills
Skills with
"internal": trueopenclaw- Are released normally via GitHub Releases
- Are NOT shown in the public skills catalog website
- Can still be downloaded directly from release URLs
This skill (
claw-releaseExisting Skills
| Skill | Category | Internal |
|---|---|---|
| clawsec-feed | security | No |
| clawtributor | security | No |
| openclaw-audit-watchdog | security | No |
| soul-guardian | security | No |
| claw-release | utility | Yes |
Verification Checklist
After release, confirm:
- GitHub Release exists with correct tag
- Release has: skill.json, SKILL.md, checksums.json, .skill package
- Release is marked as pre-release if applicable
- GitHub Actions workflow completed successfully
- Website updated (for non-internal skills only)
License
GNU AGPL v3.0 or later - See repository for details.
Built by the Prompt Security team.