Ownership. These skills are owned and maintained by
agent-bom. OpenClaw and ClawHub are distribution surfaces — they package and surface agent-bom skills for installation; the implementation, version, security review, and release cadence stay with agent-bom.
agent-bom keeps the public ClawHub surface intentionally small.
Published skills:
agent-bom-scanagent-bom-registryagent-bom-complianceagent-bom-runtimeagent-bom-discover-awsagent-bom-discover-azureagent-bom-discover-gcpagent-bom-discover-snowflakeagent-bom-ingestagent-bom-vulnerability-intel
These are the only skills pushed by release automation. They are:
- focused enough for individual and team use
- small enough to review and understand quickly
- explicit about credentials, file reads, network calls, and guardrails
Not published to ClawHub:
- the oversized omnibus root skill in
SKILL.md - internal or narrower sub-skills such as
discover,analyze,enforce,monitor,scan-infra, andtroubleshoot
Reason:
- public marketplace skills should be curated, guardrailed, and easy to audit
- broader internal skill composition can stay in-repo without becoming the default public install surface
When updating versions for release, update only the published skill frontmatter unless a private/internal skill is intentionally being prepared for publication: