
claw-release skill


This skill automates releasing Claw skills and validating versions, tags, and CI checks to streamline secure, consistent catalog updates.

npx playbooks add skill prompt-security/clawsec --skill claw-release

---
name: claw-release
version: 0.0.1
description: Release automation for Claw skills and website. Guides through version bumping, tagging, and release verification.
homepage: https://clawsec.prompt.security
metadata: {"openclaw":{"emoji":"🚀","category":"utility","internal":true}}
clawdis:
  emoji: "🚀"
  requires:
    bins: [git, jq, gh]
---

# Claw Release

Internal tool for releasing skills and managing the ClawSec catalog.

**An internal tool by [Prompt Security](https://prompt.security)**

---

## Quick Reference

| Release Type | Command | Tag Format |
|-------------|---------|------------|
| Skill release | `./scripts/release-skill.sh <name> <version>` | `<name>-v<version>` |
| Pre-release | `./scripts/release-skill.sh <name> 1.0.0-beta1` | `<name>-v1.0.0-beta1` |

---

## Release Workflow

### Step 1: Determine Version Type

Ask what changed:
- **Bug fixes only** → Patch (1.0.0 → 1.0.1)
- **New features, backward compatible** → Minor (1.0.0 → 1.1.0)
- **Breaking changes** → Major (1.0.0 → 2.0.0)
- **Testing/unstable** → Pre-release (1.0.0-beta1, 1.0.0-rc1)

### Step 2: Pre-flight Checks

```bash
# Check for uncommitted changes
git status

# Verify skill directory exists
ls skills/<skill-name>/skill.json

# Get current version
jq -r '.version' skills/<skill-name>/skill.json
```

### Step 3: Run Release Script

```bash
./scripts/release-skill.sh <skill-name> <new-version>
```

The script will:
1. Validate version format (semver)
2. Check tag doesn't already exist
3. Update skill.json version
4. Update SKILL.md frontmatter version (if file exists)
5. Update hardcoded version URLs (feed_url)
6. Commit changes
7. Create annotated git tag

### Step 4: Push Release

```bash
git push && git push origin <skill-name>-v<version>
```

### Step 5: Verify Release

After pushing, the CI/CD pipeline will:
1. Validate skill exists
2. Verify version matches skill.json
3. Verify version matches SKILL.md frontmatter (if exists)
4. Generate checksums from SBOM
5. Create .skill package (ZIP)
6. Create GitHub Release
7. Trigger website rebuild (for non-internal skills)

Verify at:
- **GitHub Releases:** `https://github.com/prompt-security/clawsec/releases/tag/<skill-name>-v<version>`
- **GitHub Actions:** Check workflow run status
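CI checks 2 and 3 above can be reproduced locally before pushing. The script below is an added example, not the project's release script or CI code; the function names, the `check-release.sh` file name, the simplified semver pattern, the skill-name character set and the assumption that `SKILL.md` sits next to `skill.json` are all illustrative.

```shell
#!/bin/sh
# Added example, not the ClawSec release script. Assumed layout:
#   <root>/<skill>/skill.json and an optional <root>/<skill>/SKILL.md
NL='
'
# MAJOR.MINOR.PATCH with optional pre-release suffix such as -beta1 or -rc1.
# Simplified pattern (assumption); the project's own check may differ.
is_semver() {
  case "$1" in *"$NL"*) return 1 ;; esac   # grep matches per line, so refuse newlines
  printf '%s\n' "$1" | grep -Eq \
    '^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-[0-9A-Za-z]+(\.[0-9A-Za-z]+)*)?$'
}

# Print the top-level "version:" value from the YAML frontmatter of a SKILL.md.
frontmatter_version() {
  awk '
    NR == 1 && $0 != "---" { exit }   # file has no frontmatter block
    NR > 1  && $0 == "---" { exit }   # closing delimiter reached
    /^version:/ { sub(/^version:[ \t]*/, ""); gsub(/"/, ""); sub(/[ \t]+$/, ""); print; exit }
  ' "$1"
}

# check_release <skills_root> <skill-name> <version>
# Prints the expected tag on success; non-zero status names the failed check.
check_release() {
  root=$1; name=$2; want=$3; dir="$root/$name"
  # The name becomes a path and a tag, so allow only [a-z0-9-] (assumed convention).
  case "$name" in ''|*[!a-z0-9-]*) echo "bad skill name" >&2; return 2 ;; esac
  is_semver "$want" || { echo "invalid version: $want" >&2; return 2; }
  [ -f "$dir/skill.json" ] || { echo "skill.json not found in $dir" >&2; return 3; }
  have=$(jq -r '.version' "$dir/skill.json") || return 3
  [ "$have" = "$want" ] || { echo "skill.json has $have, expected $want" >&2; return 4; }
  if [ -f "$dir/SKILL.md" ]; then
    fm=$(frontmatter_version "$dir/SKILL.md")
    [ "$fm" = "$want" ] || { echo "SKILL.md has ${fm:-no version}, expected $want" >&2; return 5; }
  fi
  echo "$name-v$want"
}

# Run as: sh check-release.sh skills <skill-name> <version>
if [ "$#" -eq 3 ]; then check_release "$@"; fi
```

Exit status 4 corresponds to the `Version mismatch in CI` case and 5 to the `SKILL.md version mismatch` case described under Common Issues.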

---

## Undo a Release (Before Push)

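If you need to undo before pushing, drop the release commit and delete the local tag. This assumes the release commit is the most recent commit on the branch; `--hard` also discards any uncommitted changes in the working tree.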

```bash
git reset --hard HEAD~1 && git tag -d <skill-name>-v<version>
```

---

## Pre-release Versions

For beta, alpha, or release candidates:

```bash
./scripts/release-skill.sh <skill-name> 1.2.0-beta1
./scripts/release-skill.sh <skill-name> 1.2.0-alpha1
./scripts/release-skill.sh <skill-name> 1.2.0-rc1
```

Pre-releases are automatically marked in GitHub Releases.

---

## Common Issues

| Error | Solution |
|-------|----------|
| `Tag already exists` | Choose a different version number |
| `Version mismatch in CI` | Ensure you used the release script (not manual tagging) |
| `SKILL.md version mismatch` | Ensure you used the release script which updates both skill.json and SKILL.md |
| `Uncommitted changes` | Commit or stash first: `git stash` or `git add . && git commit` |
| `skill.json not found` | Verify skill directory path is correct |

---

## Internal Skills

Skills with `"internal": true` in their `openclaw` section:
- Are released normally via GitHub Releases
- Are NOT shown in the public skills catalog website
- Can still be downloaded directly from release URLs

This skill (`claw-release`) is an internal skill.

---

## Existing Skills

| Skill | Category | Internal |
|-------|----------|----------|
| clawsec-feed | security | No |
| clawtributor | security | No |
| openclaw-audit-watchdog | security | No |
| soul-guardian | security | No |
| claw-release | utility | Yes |

---

## Verification Checklist

After release, confirm:
- [ ] GitHub Release exists with correct tag
- [ ] Release has: skill.json, SKILL.md, checksums.json, .skill package
- [ ] Release is marked as pre-release if applicable
- [ ] GitHub Actions workflow completed successfully
- [ ] Website updated (for non-internal skills only)

---

## License

GNU AGPL v3.0 or later - See repository for details.

Built by the [Prompt Security](https://prompt.security) team.

Overview

This skill automates releases for Claw skills and the ClawSec catalog, guiding maintainers through version bumping, tagging, and post-release verification. It enforces semver, updates skill metadata, creates annotated tags, and integrates with CI to produce release artifacts. The tool is focused on repeatable, auditable releases for both public and internal skills.

How this skill works

The release script validates the new version string, ensures the git tag is unique, updates the skill.json version and the skill frontmatter, and replaces hardcoded versioned URLs. It commits changes, creates an annotated git tag, and pushes the tag to trigger CI. The pipeline then builds checksums, packages a .skill artifact, creates a GitHub Release, and triggers the website rebuild for public skills.

When to use it

  • Preparing a routine bugfix, minor feature, or major breaking release
  • Publishing a pre-release (alpha, beta, rc) for testing
  • Ensuring version consistency across metadata and CI before pushing
  • Automating repeatable releases to reduce human error
  • Releasing internal-only utilities not shown in the public catalog

Best practices

  • Decide version bump type before running the script: patch, minor, major, or pre-release
  • Run pre-flight checks: git status, verify skill directory and current version
  • Use the release script rather than manual tag edits to avoid metadata mismatches
  • Commit or stash any local changes before releasing to keep history clean
  • Verify CI run and release artifacts (checksums, package, release entry) after push

Example use cases

  • Release a patch: fix a bug and run the script to produce <skill>-vX.Y.Z and a .skill package
  • Publish a beta: create a 1.2.0-beta1 tag to share a preview with testers
  • Undo a mistaken local release: roll back the last commit and delete the local tag before pushing
  • Release an internal tool while keeping it out of the public catalog, but still available via direct release URL
  • Trigger automated audits and checksum generation as part of the release CI for security verification

FAQ

What if the tag already exists?

Choose a new semver-compliant version; the script prevents overwriting existing tags to keep history safe.

How do I undo a release before pushing?

Reset the last commit and delete the local tag, for example: git reset --hard HEAD~1 && git tag -d <skill>-v<version>.