Changelog Curator

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a coherent changelog-drafting skill with disclosed local script use and no evidence of credential use, network exfiltration, persistence, or destructive actions.

This skill looks appropriate for drafting changelogs and release notes. Before installing, note that it can optionally run a local Python helper and write an output file, so keep input/output paths narrow, review public-facing wording manually, and do not treat it as a substitute for formal compliance approval.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked, the agent can run local code from this skill and create or overwrite the specified output file.

Why it was flagged

The skill allows running a bundled local Python helper that reads an input path and writes an output path. This is disclosed and aligned with generating changelog drafts, but users should still review the file paths.

Skill content

If the runtime environment allows shell / exec, you can use: `python3 "{baseDir}/scripts/run.py" --input <输入文件> --output <输出文件>`

Recommendation

Run it only on intended changelog or release-note inputs, choose a safe output path, and use dry-run or stdout when you want to review before writing.

What this means

You have less external provenance to verify where the bundled script came from.

Why it was flagged

The registry metadata does not provide a verifiable upstream source. Since the skill includes an executable helper script, this is a provenance item to notice, although the artifacts show no remote installer, hidden dependency, or obfuscation.

Skill content

Source: unknown; Homepage: https://example.invalid/skills/changelog-curator

Recommendation

Install from a trusted registry source and inspect the bundled script before relying on it in sensitive release workflows.