ClawHub

Nex Changelog

v1.0.0

Professional changelog and release notes generator for client-facing software releases and updates. Automatically parse git commit history using conventional...

1· 24·0 current·0 all-time
byNex AI@nexaiguy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (changelog & release notes) align with required binaries (python3, git), the CLI, and the git-parsing + sqlite storage implementation. Minor inconsistency: registry/metadata labels the skill as 'instruction-only' yet the package includes multiple code files and a setup.sh installer — practical but inconsistent metadata.
Instruction Scope
SKILL.md and the CLI commands instruct only local actions (reading git repos, writing to a local SQLite DB, exporting formatted text). The instructions and code reference only filesystem paths and git; they do not request or send data to external services. The tool does ask the user to provide repo paths, which means it can read any repository the user points it at (expected for this purpose).
Install Mechanism
There is no remote download/install step; setup.sh is included and is an idempotent local installer that creates ~/.nex-changelog and installs a wrapper into ~/.local/bin. This is low-risk, but you should inspect/approve setup.sh before running because it will add files to your home directory and PATH.
Credentials
The skill requests no environment variables or external credentials. It stores project metadata and optional client emails in a local SQLite DB under the user's home directory — appropriate for the stated functionality.
Persistence & Privilege
The installer creates a data directory (~/.nex-changelog) and a CLI wrapper in ~/.local/bin, which grants persistent, per-user presence (normal for a CLI tool). always: false (no forced global persistence). This is expected behavior for a local CLI but is a permanent change that the user should be aware of.
Assessment
This package appears to be a local, self-contained CLI for generating changelogs and release notes. Before installing: (1) review setup.sh (it writes to ~/.nex-changelog and installs a wrapper in ~/.local/bin), (2) ensure you only point the tool at repositories you trust (it will read any repo path you provide), and (3) test it in a safe environment if you have concerns. Note: the registry metadata claims 'instruction-only' though code and installer are included; this metadata mismatch is benign but worth noting. Also expect some runtime issues (minor parsing/implementation bugs visible in the source) — no network calls or credential exfiltration were found.

Like a lobster shell, security has layers — review code before you run it.

latestvk9712paqxjjany659kjgpsq81x849k9p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📜 Clawdis
Binspython3, git

Comments