ClawHub

Changelog Watcher

v1.0.0

Monitor GitHub repos and npm packages for new releases and version updates. Summarizes changelogs and highlights breaking changes. Use when the user asks to...

0· 59·0 current·0 all-time
byNew Age Investments@newageinvestments25-byte
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual code: scripts query the GitHub Releases API and the npm registry, compare versions against a user watchlist, and render markdown reports. No unrelated services, binaries, or config paths are requested.
Instruction Scope
Runtime instructions are narrowly scoped to watchlist.json/state.json and running the included scripts. The only minor inconsistency: the setup guide suggests supplying a GITHUB_TOKEN to increase rate limits, but the included check_github.py does not read or use a token/Authorization header.
Install Mechanism
No install spec or external downloads; this is an instruction/code-only skill consisting of small Python scripts. Nothing will be fetched or executed from arbitrary URLs during install.
Credentials
The skill declares no required environment variables or credentials (and the scripts work without them). The docs mention GITHUB_TOKEN to raise rate limits, but the code doesn't implement it — so no secret is required by the current code. The scripts read/write state.json in their own skill directory.
Persistence & Privilege
No elevated privileges requested. The skill writes a local state.json in its own workspace and can be scheduled via cron as documented. always:false and normal autonomous invocation are used.
Assessment
This skill appears to do exactly what it says: poll public GitHub and npm endpoints, compare against a user-created watchlist, and produce markdown reports. Before installing: (1) be aware it will create and update state.json in ~/.openclaw/workspace/skills/changelog-watcher/ (used to track last-seen versions); (2) the setup docs mention using a GITHUB_TOKEN to increase rate limits, but the shipped scripts do not read or send that token — if you have many repos you may need to modify check_github.py to add an Authorization header (or accept lower unauthenticated rate limits); (3) review the scripts if you plan to add private repositories or pass any credentials — avoid pasting tokens into files you haven't audited. Otherwise this skill is self-contained and proportionate to its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk9711ax1rm07gbkzzptpvm4yy583mdpz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments