diff --git a/.github/workflows/full-release-validation.yml b/.github/workflows/full-release-validation.yml
index 0ff484c4fa5..bcacd0d3ece 100644
--- a/.github/workflows/full-release-validation.yml
+++ b/.github/workflows/full-release-validation.yml
@@ -31,6 +31,11 @@ on:
 required: false
 default: ""
 type: string
+ evidence_package_spec:
+ description: Optional published package spec to prove in the private release evidence report
+ required: false
+ default: ""
+ type: string
 npm_telegram_provider_mode:
 description: Provider mode for the optional post-publish Telegram E2E lane
 required: false
@@ -83,6 +88,7 @@ jobs:
 TARGET_SHA: ${{ steps.resolve.outputs.sha }}
 CHILD_WORKFLOW_REF: ${{ github.ref_name }}
 NPM_TELEGRAM_PACKAGE_SPEC: ${{ inputs.npm_telegram_package_spec }}
+ EVIDENCE_PACKAGE_SPEC: ${{ inputs.evidence_package_spec }}
 run: |
 {
 echo "## Full release validation"
@@ -97,6 +103,9 @@ jobs:
 else
 echo "- Post-publish Telegram E2E: skipped because no published package spec was provided"
 fi
+ if [[ -n "${EVIDENCE_PACKAGE_SPEC// }" ]]; then
+ echo "- Private evidence package proof: \`${EVIDENCE_PACKAGE_SPEC}\`"
+ fi
 } >> "$GITHUB_STEP_SUMMARY"
 normal_ci:
@@ -352,7 +361,7 @@ jobs:
 env:
 RELEASE_PRIVATE_DISPATCH_TOKEN: ${{ secrets.OPENCLAW_RELEASES_PRIVATE_DISPATCH_TOKEN }}
 TARGET_REF: ${{ inputs.ref }}
- PACKAGE_SPEC: ${{ inputs.npm_telegram_package_spec }}
+ PACKAGE_SPEC: ${{ inputs.evidence_package_spec || inputs.npm_telegram_package_spec }}
 GITHUB_RUN_ID_VALUE: ${{ github.run_id }}
 run: |
 set -euo pipefail
diff --git a/docs/reference/RELEASING.md b/docs/reference/RELEASING.md
index c1d212331d2..a6b45b14219 100644
--- a/docs/reference/RELEASING.md
+++ b/docs/reference/RELEASING.md
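Review bot: `evidence_package_spec` in the first hunk is a free-form string, and nothing visible in this diff constrains it before it becomes `PACKAGE_SPEC` for the private evidence dispatch in the last hunk. For a value the evidence report is meant to prove, a mutable dist-tag or a non-registry spec would leave the proof ambiguous, so the description should state that an exact version is expected, e.g. `description: Optional exact published package spec (name@version, no dist-tags) to prove in the private release evidence report`. A format check in the consuming step against the documented shape `openclaw@YYYY.M.D-beta.N` would enforce that; whether the private workflow already validates the spec cannot be seen from here.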
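Review bot: The emptiness test in the summary hunk strips spaces (`${EVIDENCE_PACKAGE_SPEC// }`) but the guarded `echo` prints the raw value, and the last hunk's `inputs.evidence_package_spec || inputs.npm_telegram_package_spec` relies on expression truthiness, where a spaces-only string counts as non-empty. A blank-looking input is therefore omitted from the summary yet still replaces `npm_telegram_package_spec` as `PACKAGE_SPEC`. Normalising the value once in shell and reusing that result for both the summary line and the dispatch would keep the two paths consistent. The value is also written inside a Markdown code span, so a backtick in the input would break the rendered summary; passing it through `env:` instead of interpolating it into `run:` is the right pattern and should stay. The enclosing `run:` block starts and ends outside the hunk.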
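Review bot: `PACKAGE_SPEC` now prefers `evidence_package_spec` whenever it is set, so when both inputs are supplied with different values the evidence dispatch records a package that the Telegram lane did not install, and the step summary gives no sign of the override. Because this value is sent with `RELEASE_PRIVATE_DISPATCH_TOKEN` as release evidence, the step should fail when both inputs are non-empty and differ, or at minimum carry a comment such as `# evidence_package_spec wins; npm_telegram_package_spec is only the fallback`. Nothing in the visible lines ties the spec to `TARGET_SHA`; presumably the private workflow checks that the published package was built from that commit, which is worth confirming. The `run:` body continues outside the hunk.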
@@ -103,7 +103,10 @@ the maintainer-only release runbook. `OpenClaw Release Checks` for install smoke, package acceptance, Docker release-path suites, live/E2E, OpenWebUI, QA Lab parity, Matrix, and Telegram lanes. Provide `npm_telegram_package_spec` only after a package has been - published and the post-publish Telegram E2E should run too. Example: + published and the post-publish Telegram E2E should run too. Provide + `evidence_package_spec` when the private evidence report should prove that the + validation matches a published npm package without forcing Telegram E2E. + Example: `gh workflow run full-release-validation.yml --ref main -f ref=release/YYYY.M.D` - Run the manual `Package Acceptance` workflow when you want side-channel proof for a package candidate while release work continues. Use `source=npm` for @@ -233,7 +236,8 @@ gh workflow run full-release-validation.yml \ --ref main \ -f ref=release/YYYY.M.D \ -f provider=openai \ - -f mode=both + -f mode=both \ + -f evidence_package_spec=openclaw@YYYY.M.D-beta.N ``` The workflow resolves the target ref, dispatches manual `CI` with @@ -273,6 +277,7 @@ gh workflow run full-release-validation.yml \ -f ref=release/YYYY.M.D \ -f provider=openai \ -f mode=both \ + -f evidence_package_spec=openclaw@YYYY.M.D-beta.N \ -f npm_telegram_package_spec=openclaw@YYYY.M.D-beta.N \ -f npm_telegram_provider_mode=mock-openai ```