Run, debug, monitor, and summarize OpenClaw release CI workflows.
Overall this appears to be an open-source, widely adopted, prompt-only skill with no required secrets or explicit external endpoints, so baseline risk is low. The main watchout is that it orchestrates GitHub Actions/gh commands and local validation steps, which are normal tool capabilities rather than a standalone high-risk red flag.
The material states no required secrets or environment variables; it only mentions reading/validating provider secrets, without requiring the skill itself to hold sensitive credentials, so credential risk is low.
No custom remote host is listed, but it does interact with GitHub via gh/workflows and may reach declared provider-check flows; this is normal network egress, with no unknown endpoint or unusual data exfiltration indicated.
The skill triggers local scripts, gh commands, and workflow dispatches, giving it ordinary local execution/process-calling ability; no extra system privileges beyond release validation are indicated.
It reads git status, commit hashes, and logs, and may inspect local/CI artifacts and provider status; this is typical release-audit data access, with no sign of excessive read/write scope.
The source is a GitHub open-source repository with extremely high community adoption (377k+ stars) and good visibility; although the license and maintenance status are unclear, there is no sign of closed-source opacity or suspicious prompt injection.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "release-openclaw-ci" skill from askskill: 1. Download https://raw.githubusercontent.com/openclaw/openclaw/main/.agents/skills/release-openclaw-ci/SKILL.md 2. Save it as ~/.claude/skills/release-openclaw-ci/SKILL.md 3. Reload skills and tell me it's ready
Start the full OpenClaw release CI, monitor every stage continuously, and if anything fails, identify the failed step, summarize the error logs, and suggest likely causes.
A status report with CI progress, key stage updates, failed steps, and initial troubleshooting advice.
Run the OpenClaw release checks, including live provider gates, install/update proof verification, and release-secret preflights, then summarize all failed or blocked items.
Results for each release gate, pass/fail reasons, and a risk list of items that need action.
Based on the OpenClaw release CI logs and check results, create a concise summary covering the overall outcome, major issues, impact scope, and recommended next steps.
A team-ready release summary that clearly communicates status and next actions.
Use this with $release-openclaw-maintainer and $openclaw-testing when a release candidate needs full validation, install/update proof, live provider checks, or CI recovery.
$one-password for secret reads/writes: one persistent tmux session, targeted items only, no secret output.gh run view polling loops; REST quota is easy to burn.Before full release validation:
node .agents/skills/release-openclaw-ci/scripts/verify-provider-secrets.mjs --required openai,anthropic,fireworks
gh api rate_limit --jq '.resources.core'
git status --short --branch
git rev-parse HEAD
1Password service-account values are the first source for release provider preflight. Inject those exact targeted keys first, then run the verifier; use ambient env only when it was already intentionally injected for this release. The script prints only provider status and HTTP class, never tokens.
Start product performance evidence as early as the release SHA exists, in parallel with other release work:
gh workflow run openclaw-performance.yml \
--repo openclaw/openclaw \
--ref main \
-f target_ref=<release-sha> \
-f profile=release \
-f repeat=3 \
-f deep_profile=false \
-f live_openai_candidate=false \
-f fail_on_regression=false
Prefer the trusted workflow on main, target the exact release SHA:
gh workflow run full-release-validation.yml \
--repo openclaw/openclaw \
--ref main \
-f ref=<release-sha> \
-f provider=openai \
-f mode=both \
-f release_profile=full \
-f rerun_group=all
Use release_profile=stable unless the operator explicitly asks for the broad advisory provider/media matrix. Use narrow rerun_group after focused fixes.
Publish with openclaw-release-publish.yml using release_profile=from-validation
unless a maintainer intentionally wants to cross-check a specific profile; the
publish workflow reads the effective profile from the full-validation manifest.
Use the summary helper instead of repeated raw polling:
node .agents/skills/release-openclaw-ci/scripts/release-ci-summary.mjs <full-release-run-id>
Then watch only when useful:
gh run watch <full-release-run-id> --repo openclaw/openclaw --exit-status
Stop watchers before ending the turn or switching strategy.
…
Generate shareable code or text diffs for review and collaboration.
Automate OpenClaw nightly releases, branch maintenance, and forward-porting to main.
Debug Node.js apps with inspect, breakpoints, heap, and CPU profiling.
Audit and harden OpenClaw hosts for security and operational health.
List chats, review message history, and send iMessage or SMS from CLI.
Run Parallels smoke tests with Discord roundtrip verification across host and guest.
Prepare and verify OpenClaw stable or beta releases and release notes.
Draft OpenClaw release announcements and testing guidance from release evidence.
Verify an OpenClaw release is fully published and working across all channels.
Run or recover OpenClaw macOS signing, notarization, and release promotion.
Choose and run the safest, cheapest OpenClaw test and validation path.
Run, inspect, debug, and extend OpenClaw QA scenarios and artifacts.