ClawHub

Changelog

v2.0.0

Changelog - command-line tool for everyday use Use when you need changelog.

0· 306·3 current·3 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to be a changelog command-line tool and the provided bash script implements a local changelog CLI that reads/writes files under $HOME/.local/share/changelog. The requested capabilities (none) are proportional to the stated purpose.
Instruction Scope
SKILL.md describes running commands like `changelog run`, `list`, `add` whereas the script exposes commands such as check, generate, validate, lint, export, status, etc. The documented examples and the script's dispatch table do not fully match — this is a documentation inconsistency that may confuse users or agents but does not indicate malicious behavior. Both doc and script confine operations to the local data directory.
Install Mechanism
There is no install spec and no downloads — the skill is instruction-only with a bundled shell script. No network-based install or external code fetch is present in the repository files shown.
Credentials
No secrets or special environment variables are requested. The script uses the HOME environment variable and a per-user data directory (~/.local/share/changelog) which is appropriate for a local CLI. It does not access unrelated credentials or system configs.
Persistence & Privilege
always is false and the skill does not request system-wide changes or modify other skills. It persists only to its own data directory under the user's home, which is proportional for a CLI tool.
Assessment
This appears to be a straightforward local CLI that creates and manages files under ~/.local/share/changelog and does not reach out to the network or ask for credentials. Before installing or running: (1) note the mismatch between SKILL.md command names (e.g., `run`, `add`) and the script's commands (e.g., `generate`, `check`) — test in a safe environment to confirm the behavior you expect; (2) be aware it will create logs and export files in ~/.local/share/changelog (inspect or back up that directory if it will contain sensitive data); (3) review the full script if you want to confirm there are no surprising operations (the provided snippet shows only local file I/O and common shell utilities). If you want extra caution, run the script inside a container or VM before granting it ongoing access.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dqdwrseh8y0t768cdk0rc8s833m8m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments