🧪

Skill Provenance: Version Tracking for OpenClaw Skill Bundles

A free OpenClaw community skill candidate for keeping Agent Skill bundles traceable with manifests, changelogs, SHA-256 hashes, and stale-file checks across chat, CLI, IDE, and registry workflows.

May 23, 2026
Status & Access
Current access and latest update details.
Access
Free
Updated
Jul 7, 2026, 01:29 AM

LinkLoot AI review

Tool has value, start small

AI take: 59/100
Quick look at value, setup, permissions, and everyday caveats.

My take: Skill Provenance: Version Tracking for OpenClaw Skill Bundles is interesting as a code/tool candidate, but only with a throwaway project, test data, and tightly scoped permissions. Then judge whether install, startup, and core function fit your setup.

Direct value

Can save time as a small tool if it fits your workflow and you start with test data.

Check first

Do not start with real tokens, private repos, or production data.

What you get
  • The practical value shows up in your own mini test: install it, start it, and compare it with a harmless example.
What to watch
  • Before relying on it, check install, startup, and permissions against your setup.

Automated AI review. Decision aid, not a safety guarantee. · 2026-06-08 17:09:57 UTC

What it does

Skill Provenance is an author-side metaskill for Agent Skill bundles. It documents a portable MANIFEST.yaml, CHANGELOG.md, per-file version metadata, and SHA-256 hash checks so a skill's SKILL.md, evals, scripts, references, and packaged copies can be tracked across sessions and platforms. The upstream source describes it as free and open with an MIT license.

Who should use it

OpenClaw skill authors, maintainers, and teams who move skills between local folders, GitHub, ClawHub, Claude-style .skill packages, Codex/Gemini-compatible strict copies, or multiple agent sessions. It is most useful when bundle drift, stale evals, renamed files, or unclear handoffs are a recurring problem.

Setup surface

The published surface is a community OpenClaw skill on ClawHub with canonical source at the public GitHub repository. The bundle includes SKILL.md, README.md, MANIFEST.yaml, CHANGELOG.md, eval files, validate.sh, and package.sh according to the fetched manifest. Treat installation commands and scripts in the source as review material only until Runner AI Review finishes. Pricing evidence from the upstream GitHub README states it is free and open; license evidence points to MIT.

Risk notes

This is not yet claimed as tested, safe, clean, recommended, or production-ready by LinkLoot. The concept relies on local file inventory and hash checks, but the upstream source itself notes that a manifest is not a cryptographic signature or trust anchor. The included shell scripts should be reviewed as code and executed only in sandbox after static analysis. Because the skill is designed to edit manifests/changelogs and package derived copies, Runner should verify it does not mutate unrelated files, read broad home/config/SSH paths, or follow embedded source instructions beyond the user's explicit task.

Source links

Discussion

Sign in to join the discussion and vote on comments.

No comments yet. Start the discussion.
Keep exploring

More from this topic

More in OpenClaw