Skill v1.0.0
ClawScan security
App Store Changelog · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 17, 2026, 2:47 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files and instructions match its stated purpose (collect git commits and draft App Store release notes); it is instruction-only and contains a simple git-based collection script. Nothing in the bundle appears malicious, but it will read and print repository history and paths, so review the sensitivity of that data before running it.
- Guidance: This skill appears to be what it says: it runs a small git-based script to list commits and touched files and then drafts App Store release notes. Before installing or running it, be aware that: (1) the script requires git but the metadata doesn't declare that, so ensure git is available where the agent runs; (2) the script will print the repository root, commit messages, and file paths, so sensitive data in commit messages or filenames could be exposed; (3) run it only on repositories you trust or in an environment where viewing repo history is acceptable. For extra caution, inspect the commit output produced by scripts/collect_release_changes.sh before allowing the agent to summarize or transmit those contents, or run the script locally yourself and paste only the needed output into the agent.
Review Dimensions
- Purpose & Capability
- note: The name/description match the included assets: SKILL.md describes collecting git history and summarizing user-facing changes, and the repo includes a script that runs git to produce commits and touched files. Minor inconsistency: the skill metadata lists no required binaries, but the script requires git to run; declaring git as a required binary would be expected.
- Instruction Scope
- note: SKILL.md instructs the agent to run scripts/collect_release_changes.sh from the repo root and to triage commits/files to create release notes. The collection script prints the repo root, commit messages, and file paths. That is expected for this task, but it may expose sensitive file paths, commit messages, or other repository contents if present. There are no instructions to read unrelated system files or transmit data to external endpoints.
- Install Mechanism
- ok: There is no install spec and the skill is instruction-only with a small bundled shell script. Nothing is downloaded or written to disk by the skill itself; risk from installation is minimal.
- Credentials
- ok: The skill requests no environment variables, no credentials, and no config paths. The script simply runs git commands in the repo; its permissions are proportional to producing a changelog.
- Persistence & Privilege
- ok: The always flag is false and the skill is user-invocable. The skill does not request persistent presence or modify other skills or system configs. It does not write files or install services.
