pr-description-generator
v1.0.0
Auto-generate pull request descriptions from git diffs and commit history. Parses conventional commits, categorizes changes (features, fixes, refactoring), a...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description match the included Python script: the tool analyzes git diffs and commit history to generate PR descriptions. One minor mismatch: SKILL.md and the code assume the presence of the git CLI, but the declared requirements list no required binaries — git should be documented as a dependency.
Instruction Scope
SKILL.md instructs the agent/user to run the bundled Python script with optional flags. The script only reads the repository (git commands and file paths) and produces markdown/JSON output (and a --copy option is advertised). There are no instructions to read unrelated system files, to retrieve secrets, or to transmit data externally in the provided content.
Install Mechanism
No install spec is provided (instruction-only plus a bundled script). That minimizes installation risk; the script is executed locally and no external downloads or archive extraction are invoked by the skill itself.
Credentials
The skill requires no environment variables or credentials. The script interacts only with the local git repository. No unrelated tokens, cloud keys, or config paths are requested.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-level privileges. Autonomous invocation is allowed by default on the platform but the skill itself does not ask for escalated privileges or to modify other skills/configs.
Assessment
This skill appears to do what it claims: run a local Python script that uses the git CLI to produce PR descriptions. Before installing/using it: (1) ensure you have git available (the package does not declare git as a required binary but the script calls git); (2) review the full generate_pr_description.py to confirm there are no unexpected commands (especially implementations of --copy or future flags that might call external CLIs); (3) run it in a non-sensitive repository or with a dry-run first if you are concerned about accidentally copying sensitive data to clipboard or writing files; and (4) if you want the skill to create PRs automatically in future (STATUS.md mentions a --gh-create idea), require explicit verification of any code that would call gh/remote APIs. Overall the package is proportionate to its purpose and does not request unrelated credentials or network access in the provided files.
Like a lobster shell, security has layers — review code before you run it.
