SR
SKILLRADAR
AI Security • Benchmarking • Index
Menu
Trust Report v1

release-openclaw-mac

Run or recover OpenClaw macOS release signing, notarization, appcast, and asset promotion.

Overall
67
Trust
39
Utility
88
Momentum
95

Install caution

High-risk behavior present

Risk: High

Source: OpenClaw Built-in Skills

Path: .agents/skills/release-openclaw-mac/SKILL.md

Review flags: browser/session access, credential or secret references, filesystem/home-directory access, shell command snippets. These are review signals, not definitive security judgments; inspect before installing.

Required permissions

  • Environment variables / secrets
  • Shell commands
  • Filesystem/home access
  • Browser/session access

Permissions are inferred from SKILL.md text only. They are review prompts, not guarantees about runtime behavior.

Risk flags explained

browser_or_session_accessmedium

Mentions browser automation, cookies, sessions, local storage, or browser state.

credential_or_secret_referencehigh

Mentions tokens, API keys, passwords, or private-key style environment variables.

filesystem_write_or_home_accessmedium

Mentions filesystem writes, deletes, home-directory paths, or config/key locations.

shell_commandmedium

Contains shell command snippets. Review commands before copy/paste or agent execution.

Score explanation

Trust

  • Trust starts at 90 before review-signal penalties and metadata bonuses.
  • Risk-signal penalty: -53 from 4 detected flag(s).
  • Metadata bonus: +2 from author/version/description fields.

Utility

  • Utility starts at 55 and rewards clear descriptions, runnable examples, and explicit setup needs.
  • Description present: yes.
  • Command examples detected: 7.
  • Environment variables detected: 2.

Momentum

  • Momentum starts at 45 and uses public repo activity signals.
  • Recent commit activity: latest repo update was 0 day(s) ago.
  • Recent commit volume: 100 commit(s) in the lookback window (+20).
  • Source has strong public adoption: 379781 stars.
  • Fork activity suggests reuse: 79500 forks.

Overall

  • Overall score weights trust 45%, utility 35%, and momentum 20%.

Detected signals

Env vars

  • APP_STORE_CONNECT_API_KEY_P8
  • APP_STORE_CONNECT_KEY_ID

Commands

  • $release-openclaw-ci
  • $release-openclaw-maintainer
  • gh release view vYYYY.M.PATCH --repo openclaw/openclaw
  • gh workflow run openclaw-macos-publish.yml --repo openclaw/releases-private --ref main -f tag=vYYYY.M.PATCH -f preflight_only=false -f smoke_test_only=false -f preflight_run_id=<successful-preflight-run> -f validate_run_id=<successful-validation-run> -f allow_late_calver_recovery=false -f public_release_branch=release/YYYY.M.PATCH
  • gh workflow run openclaw-macos-publish.yml --repo openclaw/releases-private --ref main -f tag=vYYYY.M.PATCH -f source_ref=release/YYYY.M.PATCH -f preflight_only=true -f smoke_test_only=false -f allow_late_calver_recovery=false -f public_release_branch=release/YYYY.M.PATCH
  • gh workflow run openclaw-macos-validate.yml --repo openclaw/releases-private --ref main -f tag=vYYYY.M.PATCH -f source_ref=release/YYYY.M.PATCH
  • openclaw/releases-private

URLs

None detected in SKILL.md text scan.

Provenance & evidence

SkillRadar makes each review traceable back to the exact source path, source blob SHA, scanner version, and text-only policy that produced the report.

source
github.com/openclaw/openclaw@main
path
.agents/skills/release-openclaw-mac/SKILL.md
source blob SHA
ce345b1c58e7928f4ec85346c2209c6eee56aa19
scanner version
0.3.0
security model
text_only_no_execute_no_install_no_secrets
scan policy
Fetched and scored as text only; no install, no execution, no runtime loading.

Evidence snippets

credential_or_secret_reference

…w/releases-private`, env `mac-release`. Set only after local notary auth validation: - `APP_STORE_CONNECT_API_KEY_P8` - `APP_STORE_CONNECT_KEY_ID` - `APP_STORE_CONNECT_ISSUER_ID` Do not update these from m…

filesystem_write_or_home_access

…y freshness first. - If notarization stays in progress for several minutes after key-file write, that is normal Apple wait time; do not edit blindly. ## Dispatch Private preflight: `…

browser_or_session_access

…b secrets. ## 1Password - Use `$one-password`: all `op` work inside one persistent tmux session, no secret output. - Use the service-token guidance from `$release-private` when availabl…

shell_command

…`APP_STORE_CONNECT_API_KEY_P8` - `APP_STORE_CONNECT_KEY_ID` - `APP_STORE_CONNECT_ISSUER_ID` Do not update these from mixed sources. All three ASC fields must come from the same 1Password item. ## Workflow Shape - Public release branch may carry mac-only packa

Watch this skill

Get alerted when this skill adds credential requirements, shell commands, external domains, remote installer patterns, or risk-level changes.

Join watchlist beta

Methodology note

SkillRadar scans SKILL.md as hostile text only. It does not execute commands, install packages, or load third-party skills.

View source SKILL.mdBack to changesView sources