Changelog Watcher

v1.0.0

Monitor GitHub repos and npm packages for new releases and version updates. Summarizes changelogs and highlights breaking changes. Use when the user asks to...

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign, high confidence
Purpose & Capability
Name/description (monitor GitHub and npm for releases, summarize changelogs) matches the included scripts and runtime instructions. The watchlist/state files, GitHub API calls, and npm registry calls are exactly what you'd expect for this functionality.
Instruction Scope
SKILL.md instructs the agent and user to create/edit watchlist.json, run compare_versions.py and format_report.py, and optionally schedule a cron job. The scripts read/write only local files in the skill workspace (watchlist.json, state.json) and call public APIs (api.github.com, registry.npmjs.org). No instructions ask the agent to read unrelated system files or exfiltrate data. Note: the guide mentions an optional GITHUB_TOKEN to raise rate limits, which is reasonable but is not required.
Install Mechanism
This is an instruction-only skill with bundled Python scripts and no install spec or external downloads. Nothing is written to disk by an installer; risk from installation is low.
Credentials
The skill declares no required environment variables. The documentation correctly calls out an optional GITHUB_TOKEN to increase rate limits; that optional credential is proportional and justified. No other secrets or unrelated credentials are requested.
Persistence & Privilege
always is false and the skill does not request elevated or cross-skill privileges. It writes state.json and (when scheduled) report files inside its own workspace — this is expected behavior for a watcher and scoped to the skill's directory.
Assessment
This skill appears to do what it says, but review these practical points before installing:
1) Inspect and edit assets/watchlist.example.json to create your watchlist.json so you only monitor repos/packages you intend.
2) The scripts read/write state.json in ~/.openclaw/workspace/skills/changelog-watcher; back it up if you care about previous state.
3) GitHub rate limits apply (60/hr unauthenticated); provide a GITHUB_TOKEN only if you trust the runtime environment.
4) The bundled scripts are Python; ensure the environment's python3 is recent enough (some type hints suggest Python 3.9+).
5) If scheduling via cron, create the reports directory with appropriate permissions to avoid overwriting sensitive data.
6) As always, run the scripts in an environment/network you control and review the included scripts (they are short, human-readable) before granting network access.

Like a lobster shell, security has layers — review code before you run it.
