Commit Message Writer
v1.0.0Generate Conventional Commit messages, PR titles, and summaries from git diffs, code snippets, or change descriptions for any project or language.
⭐ 0· 85·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the SKILL.md instructions. The skill only describes how to produce commit messages, PR titles, and summaries from diffs, code, or descriptions and does not request unrelated binaries, credentials, or config paths.
Instruction Scope
Most instructions are narrowly scoped to parsing diffs/descriptions and producing commit messages/PR summaries. However, the 'Self-improvement instructions' ask the agent to 'note' input type for each use and, after 20 uses, surface common missing context — this implicitly requires counting or storing per-use metadata across runs. The document does not say where or how that state is stored or reported, which is ambiguous.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is written to disk by the skill itself based on the provided metadata.
Credentials
The skill requires no environment variables, credentials, or config paths and the instructions do not reference any external credentials or unrelated environment details.
Persistence & Privilege
The skill does not request always:true or any system-level privileges. The only persistence concern is the implicit requirement to track usage (count of inputs and common missing context). It's unclear whether that uses the agent's memory API, local storage, or external telemetry — you should confirm where that metadata would be stored and who can read it.
Assessment
This skill appears coherent for generating Conventional Commit messages and PR summaries and asks for nothing unusual. Before installing, confirm how the agent will implement the 'note/after 20 uses' behavior: will it store counts in the agent's memory, write files locally, or send telemetry to an external service? Decide whether you are comfortable with that storage. Never paste secrets, API keys, or private credentials into diffs or code snippets you provide to the skill. If you are concerned about any persistent tracking, ask the platform how skills persist memory and consider disabling autonomous invocation or limiting the skill's access to agent memory. If you need stronger assurance, request the skill author supply an explicit storage policy or remove the self-improvement instruction.Like a lobster shell, security has layers — review code before you run it.
latestvk97byk8t6tymf42bfcn3n6f2tx83dpg5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.