Skills
skills/prompt-security/clawsec/claw-release/Gen Agent Trust Hub

claw-release

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents and triggers the execution of system binaries including git, jq, and gh (GitHub CLI) to perform release tasks such as committing changes, tagging versions, and pushing to remote repositories.
  • [COMMAND_EXECUTION]: The workflow relies on a local script located at ./scripts/release-skill.sh. While the contents of this script were not provided for analysis, the documentation clearly states its purpose is to automate version bumping and manifest updates.
  • [SAFE]: The skill follows security best practices by including a .clawhubignore file that explicitly excludes sensitive local data such as .env files, .git directories, and credentials from being bundled.
  • [SAFE]: The tool's network activity is limited to pushing code and releases to GitHub, which is an expected and documented behavior for a release management skill.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 02:49 AM