ClawHub

vue-latest-changelog

v1.0.0

当用户要求查看和整理最新的Vue版本更新信息时,请遵循此规范获取相关内容。

0· 85·0 current·0 all-time
by@aliangtech
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description promise (get latest Vue changelog) matches included script and SKILL.md: the script fetches the Vue CHANGELOG.md from GitHub and writes the first '##' section to assets/latest_changelog.md. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs only to run node scripts/changelog.js from the project root to produce assets/latest_changelog.md. The instructions do not ask for unrelated files, secrets, or broad system access. The script performs a network fetch and writes a file — both are expected for this purpose.
Install Mechanism
No install spec. The skill is instruction-only with one small Node script; there is no external download or package installation. Low install risk.
Credentials
No environment variables, credentials, or config paths are requested. The script uses only standard Node modules (fs, path) and a network fetch to GitHub raw content, which is proportionate to fetching a changelog.
Persistence & Privilege
Skill is not always-on and does not modify other skills or system-wide settings. It writes a single file inside the project (assets/latest_changelog.md), which is normal for its stated purpose.
Assessment
This skill appears to do exactly what it says: it fetches the Vue CHANGELOG.md from GitHub and writes the first '##' section to assets/latest_changelog.md. Before running: (1) verify you have a Node version that provides global fetch (Node 18+ or add a fetch polyfill), (2) ensure the project has an assets/ directory (or create it) because writeFileSync will fail if the directory is missing, (3) inspect the script yourself (it's short and readable) and confirm the URL is the expected GitHub raw URL, and (4) run it in a development or container environment if you want to avoid writing to your main project tree. No credentials are requested and no other suspicious behavior was found.

Like a lobster shell, security has layers — review code before you run it.

latestvk979bw2awbqmwv62f6qxpff8m183wpp2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments