ClawKeeper openclaw-release-maintainer

Maintainer workflow for OpenClaw releases, prereleases, changelog release notes, and publish validation. Use when Codex needs to prepare or verify stable or beta release steps, align version naming, assemble release notes, check release auth requirements, or validate publish-time commands and artifacts.

install

source · Clone the upstream repo

git clone https://github.com/SafeAI-Lab-X/ClawKeeper

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/SafeAI-Lab-X/ClawKeeper "$T" && mkdir -p ~/.claude/skills && cp -r "$T/clawkeeper-watcher/.agents/skills/openclaw-release-maintainer" ~/.claude/skills/safeai-lab-x-clawkeeper-openclaw-release-maintainer && rm -rf "$T"

OpenClaw · Install into ~/.openclaw/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/SafeAI-Lab-X/ClawKeeper "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/clawkeeper-watcher/.agents/skills/openclaw-release-maintainer" ~/.openclaw/skills/safeai-lab-x-clawkeeper-openclaw-release-maintainer && rm -rf "$T"

manifest: clawkeeper-watcher/.agents/skills/openclaw-release-maintainer/SKILL.md

source content

OpenClaw Release Maintainer

Use this skill for release and publish-time workflow. Keep ordinary development changes and GHSA-specific advisory work outside this skill.

Respect release guardrails

Do not change version numbers without explicit operator approval.
Ask permission before any npm publish or release step.
Use the private maintainer release docs for the actual runbook and
```
docs/reference/RELEASING.md
```
for public policy.

Keep release channel naming aligned

```
stable
```
: tagged releases only, with npm dist-tag
```
latest
```
```
beta
```
: prerelease tags like
```
vYYYY.M.D-beta.N
```
, with npm dist-tag
```
beta
```
Prefer
```
-beta.N
```
; do not mint new
```
-1
```
or
```
-2
```
beta suffixes
```
dev
```
: moving head on
```
main
```
When using a beta Git tag, publish npm with the matching beta version suffix so the plain version is not consumed or blocked

Handle versions and release files consistently

Version locations include:

```
package.json
```
```
apps/android/app/build.gradle.kts
```
```
apps/ios/Sources/Info.plist
```
```
apps/ios/Tests/Info.plist
```

apps/macos/Sources/OpenClaw/Resources/Info.plist

```
docs/install/updating.md
```
Peekaboo Xcode project and plist version fields

“Bump version everywhere” means all version locations above except
```
appcast.xml
```
.
Release signing and notary credentials live outside the repo in the private maintainer docs.

Build changelog-backed release notes

Changelog entries should be user-facing, not internal release-process notes.
When cutting a mac release with a beta GitHub prerelease:
- tag
```
vYYYY.M.D-beta.N
```
  from the release commit
- create a prerelease titled
```
openclaw YYYY.M.D-beta.N
```
- use release notes from the matching
```
CHANGELOG.md
```
  version section
- attach at least the zip and dSYM zip, plus dmg if available
Keep the top version entries in
```
CHANGELOG.md
```
sorted by impact:
- ```
### Changes
```
  first
- ```
### Fixes
```
  deduped with user-facing fixes first

Run publish-time validation

Before tagging or publishing, run:

node --import tsx scripts/release-check.ts
pnpm release:check
pnpm test:install:smoke

For a non-root smoke path:

OPENCLAW_INSTALL_SMOKE_SKIP_NONROOT=1 pnpm test:install:smoke

Use the right auth flow

Core
```
openclaw
```
publish uses GitHub trusted publishing.
Do not use
```
NPM_TOKEN
```
or the plugin OTP flow for core releases.
```
@openclaw/*
```
plugin publishes use a separate maintainer-only flow.
Only publish plugins that already exist on npm; bundled disk-tree-only plugins stay unpublished.

GHSA advisory work

Use
```
openclaw-ghsa-maintainer
```
for GHSA advisory inspection, patch/publish flow, private-fork validation, and GHSA API-specific publish checks.