pr-shipPre-ship risk report for OpenClaw PRs. Dynamically explores the codebase to assess module risk, blast radius, and version-specific gotchas. Scores each findi...
Install via ClawdBot CLI:
clawdbot install Glucksberg/pr-shipPre-ship risk report for OpenClaw pull requests.
This skill is updated frequently to track OpenClaw releases. The version-specific context (gotchas, behavioral changes, active risk areas) is refreshed with each upstream release. Run clawhub update pr-ship periodically to get the latest context.
What it does:
main in the OpenClaw repository.Load these files from the references/ directory. Each serves a distinct purpose:
STABLE-PRINCIPLES.md -- Timeless OpenClaw coding standards: testing guide, file naming, safety invariants, common pitfalls, PR practices.ARCHITECTURE-MAP.md -- OpenClaw structural context: module hierarchy, risk tier definitions with calibrated thresholds, critical path patterns, cross-module coupling, change impact matrix.CURRENT-CONTEXT.md (optional) -- Version-specific gotchas, recent behavioral changes, and active risk areas. If this file exists, load it. It tracks the current OpenClaw release.EXPLORATION-PLAYBOOK.md -- Dynamic investigation procedures. Read-only commands (grep, find, ls, git) that discover the current state of the OpenClaw codebase.VISION-GUIDELINES.md -- Project vision, contribution policy, and merge guardrails derived from OpenClaw's VISION.md. Covers PR scope rules, security philosophy, plugin/core boundary, skills policy, MCP strategy, and the explicit "will not merge" list. Use this to catch policy and architectural misalignment.STABLE-PRINCIPLES, ARCHITECTURE-MAP, EXPLORATION-PLAYBOOK, and VISION-GUIDELINES should always be present. CURRENT-CONTEXT is optional -- if missing, the skill still works but without version-specific gotcha awareness.
maingit branch --show-currentgit diff --name-only main...HEADgit diff main...HEADsrc// path.Minor observation, style preference, or informational note. Safe to ship as-is.
Partial mismatch, ambiguity, missing hardening, or non-blocking inconsistency. Worth reviewing but unlikely to cause breakage.
Clear conflict with OpenClaw coding standards, architecture patterns, or version-specific constraints. Likely to cause bugs, regressions, or policy violations.
Scoring:
final_alert_score = max(per_finding_scores). If no findings, final_alert_score = 0.## pr-ship report
- Branch: `<current-branch>`
- Base: `main`
- Files changed: `<N>`
- Modules touched: `<list with risk tiers>`
- Findings: `<N>`
- Final alert score: `<0-10>`
### Module Risk Summary
| Module | Risk Tier | Consumers | Files Changed |
| --- | --- | --- | --- |
| <module> | CRITICAL/HIGH/MEDIUM/LOW | <N> | <N> |
### Findings
1. 🟢/🟡/🔴 Title
- Alert: `<1-10>`
- Reference: `<principle, gotcha, or pattern from reference docs>`
- Evidence in diff: `<file + short snippet/description>`
- Exploration evidence: `<what dynamic investigation revealed>`
- Why this matters: `<1-2 lines>`
- Suggested fix: `<1-2 concrete actions>`
(repeat)
### Executive summary
- `<short practical summary for decision>`
- `<top 1-3 actions before publishing PR>`main.CURRENT-CONTEXT.md metadata is refreshed daily via cron when OpenClaw upstream CHANGELOG.md changes. GitHub repo is updated separately by the maintainer.# Quick: compare file list + versions
diff <(clawhub list | grep pr-ship) <(curl -s https://api.github.com/repos/Glucksberg/pr-ship/contents/package.json | jq -r '.content' | base64 -d | jq -r .version)
# Full: diff your local install against GitHub
SKILL_DIR="$(find ~/.openclaw/skills -maxdepth 1 -name pr-ship -type d 2>/dev/null || echo skills/pr-ship)"
for f in SKILL.md package.json references/CURRENT-CONTEXT.md; do
diff <(cat "$SKILL_DIR/$f") <(curl -s "https://raw.githubusercontent.com/Glucksberg/pr-ship/main/$f") && echo "$f: ✔ match" || echo "$f: ✘ differs"
doneReports generated by this skill may include diffs and grep output from your local repository. If your config files, environment, or code contain secrets (API keys, tokens, credentials), those values may appear in the report. Do not publish or share generated reports without reviewing them for sensitive data first.
Original DEVELOPER-REFERENCE.md format and approach adapted from mudrii's developer reference methodology. The dynamic exploration approach was designed based on feedback from the OpenClaw maintainer community.
Generated Mar 1, 2026
Developers working on the OpenClaw open-source repository use this skill to automatically analyze their pull requests before merging. It dynamically assesses code changes against project standards, architecture, and version-specific risks, helping maintain code quality and prevent regressions in a collaborative environment.
Teams integrate this skill into their CI/CD pipelines to automatically generate risk reports for each pull request. It provides structured feedback on severity, blast radius, and compliance with coding principles, enabling faster and safer code reviews without manual gatekeeping.
When refactoring critical modules in OpenClaw, developers run this skill to evaluate the impact of changes across the codebase. It identifies coupling patterns, consumer counts, and potential gotchas, ensuring refactoring does not introduce unintended side effects or break existing functionality.
New contributors to OpenClaw use this skill to self-review their first pull requests. It educates them on project standards, architecture, and common pitfalls by providing evidence-backed findings, helping them align with the project's vision and reduce review cycles.
Before cutting a new release of OpenClaw, maintainers run this skill on the release branch to audit all changes since the last version. It highlights high-risk findings and version-specific issues, ensuring the release is stable and compliant with project policies.
Offer the skill as a free, open-source tool for the community, while providing paid consulting, customization, and support services for enterprises. Revenue comes from support contracts, training, and integration assistance for teams adopting the skill in their workflows.
Host the skill as a cloud-based service that integrates with GitHub, GitLab, or other version control systems. Charge subscription fees based on the number of repositories, users, or analysis runs, providing automated risk reports and dashboards for development teams.
Sell enterprise licenses to large organizations for internal deployment of the skill within their private codebases. Revenue is generated through one-time licensing fees or annual renewals, with added value from customization to match company-specific coding standards and architecture.
💬 Integration Tip
Integrate this skill into your CI/CD pipeline by running it as a pre-merge check; ensure you regularly update the skill with 'clawhub update pr-ship' to maintain version-specific context and accuracy.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.