release-openclaw-nightly
OpenClaw Tideclaw alpha/nightly release automation: isolated branches, local fixes, release CI, branch retention, and forward-port to main.
Install caution
Risk: High
Source: OpenClaw Built-in Skills
Path: .agents/skills/release-openclaw-nightly/SKILL.md
Review flags: browser/session access, filesystem/home-directory access, network access or external URLs, shell command snippets. These are review signals, not definitive security judgments; inspect before installing.
Required permissions
- • Environment variables / secrets
- • Shell commands
- • Network/API usage
- • Filesystem/home access
- • Browser/session access
Permissions are inferred from SKILL.md text only. They are review prompts, not guarantees about runtime behavior.
Risk flags explained
Mentions browser automation, cookies, sessions, local storage, or browser state.
Mentions filesystem writes, deletes, home-directory paths, or config/key locations.
Mentions external URLs, network APIs, downloads, or HTTP client usage.
Contains shell command snippets. Review commands before copy/paste or agent execution.
Score explanation
Trust
- • Trust starts at 90 before review-signal penalties and metadata bonuses.
- • Risk-signal penalty: -43 from 4 detected flag(s).
- • Metadata bonus: +2 from author/version/description fields.
Utility
- • Utility starts at 55 and rewards clear descriptions, runnable examples, and explicit setup needs.
- • Description present: yes.
- • Command examples detected: 25.
- • Environment variables detected: 1.
Momentum
- • Momentum starts at 45 and uses public repo activity signals.
- • Recent commit activity: latest repo update was 0 day(s) ago.
- • Recent commit volume: 100 commit(s) in the lookback window (+20).
- • Source has strong public adoption: 379781 stars.
- • Fork activity suggests reuse: 79500 forks.
Overall
- • Overall score weights trust 45%, utility 35%, and momentum 20%.
Detected signals
Env vars
- • API
Commands
- • from existing git tags, npm versions, and GitHub releases. Select
- • is stuck only on advisory lanes after CI, plugin prerelease, npm preflight, package preparation, and install smoke are green, dispatch a focused Full Release Validation on the same head with
- • , matching npm
- • /usr/local/bin/gh-tideclaw-write
- • GH="/usr/local/bin/gh-tideclaw-write"
- • OPENCLAW_ALLOW_ROOT=1 openclaw cron run "$CRON_ID" --expect-final --timeout 21600000
- • gh
- • gh api
- • gh run list
- • gh run view
- • git add <files>
- • git commit -m "fix: stabilize alpha release preflight"
URLs
None detected in SKILL.md text scan.
Provenance & evidence
SkillRadar makes each review traceable back to the exact source path, source blob SHA, scanner version, and text-only policy that produced the report.
Evidence snippets
…run broad env/token dumps. For GitHub writes on the Tideclaw host, use the Tideclaw `gh` write wrapper below. ## Identity Tideclaw should commit under its own machine identity on rel…
…record why. ## Start 1. Work in the Tideclaw host checkout from `$release-private`. 2. Fetch first: ```bash git fetch origin main --tags --prune git switch main git merge --ff-only…
…d push the branch. 3. Run release validation from the alpha branch, using GitHub CLI, not browser/fetch tools. On the Tideclaw host, bare `gh` is a read-only Codex sandbox wrapper; use `/…
…Never run broad env/token dumps. For GitHub writes on the Tideclaw host, use the Tideclaw `gh` write wrapper below. ## Identity Tideclaw should commit under its own machine identity…
Watch this skill
Get alerted when this skill adds credential requirements, shell commands, external domains, remote installer patterns, or risk-level changes.
Join watchlist betaMethodology note
SkillRadar scans SKILL.md as hostile text only. It does not execute commands, install packages, or load third-party skills.