Skill v1.0.0
ClawScan security
Git Changelog · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 15, 2026, 6:48 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, requirements, and actions are consistent with its stated purpose of generating changelogs from a git repository.
- Guidance: This skill appears to do exactly what it says: run git commands, group commits by conventional-commit types, and produce/append a CHANGELOG.md. Before using it, run it in a local git clone (not on a sensitive production tree), review the generated changelog before committing, and ensure you are comfortable with the agent writing to CHANGELOG.md. If you use unconventional commit messages or have a monorepo, test the commands manually first to confirm the output meets your expectations.
Review Dimensions
- Purpose & Capability: ok. Name/description match the runtime instructions: all required actions are git operations and local file output (CHANGELOG.md). No unexplained credentials, binaries, or external services are requested.
- Instruction Scope: ok. SKILL.md only instructs the agent to run git commands, parse commit messages, detect breaking changes, and optionally write/append CHANGELOG.md in the repo root. It does not instruct reading unrelated files, contacting external endpoints, or accessing credentials.
- Install Mechanism: ok. Instruction-only skill with no install steps, downloads, or code to install: lowest-risk model for this purpose.
- Credentials: ok. No environment variables, credentials, or config paths are requested. The actions operate on the local git repository only, which is proportionate to the stated function.
- Persistence & Privilege: ok. The skill is not always-enabled and does not request persistent system-wide changes. It may write/append to CHANGELOG.md in the project, which is appropriate for a changelog generator.
