ClawHub

Releasenotes

v1.0.0

Generate release notes from git commit history using Conventional Commits convention. Categorizes commits into Features, Bug Fixes, Performance, Refactoring,...

0· 48·0 current·0 all-time
by@rogue-agent1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the included code: both scripts run 'git log', parse Conventional Commits, and emit Markdown release notes. However, the registry metadata claims 'Required binaries: none' despite the scripts invoking 'git' (and the SKILL.md showing 'python3' usage). This omission is an inconsistency but plausibly an oversight rather than malicious.
Instruction Scope
SKILL.md directs the agent to run the provided Python script against a repository path, optionally with date ranges, version labels, or output file. The scripts only invoke 'git' against the specified path, parse commit messages, and write local output; they do not contact external endpoints, read other unrelated system files, or access environment variables.
Install Mechanism
There is no install spec (instruction-only skill) and the source files are included. No network downloads or archive extraction occur. Note: the repository contains duplicate copies of the same script (root and scripts/), which is unusual but not harmful.
Credentials
The skill declares no environment variables and the code does not read secrets or environment variables. The only external dependency is the git binary (and Python runtime), which is proportional to the stated purpose.
Persistence & Privilege
The skill does not request permanent/always-on presence, does not modify other skills or agent-wide settings, and only writes output to a user-specified file path. Normal autonomous invocation is allowed by platform default but not a specific additional risk here.
Assessment
This skill appears to do what it says: it runs the included Python script which calls 'git log' on a repo and formats release notes. Before installing or running it, ensure you have python3 and the git CLI available, and point it at the intended repository (it will read the full commit history you give it). Because it executes a bundled script, review the script if you are uncomfortable running third-party code; note it may output commit messages (which can contain sensitive information) into files. The duplicate script files are odd but likely harmless; the main real fix would be to update the metadata to declare the 'git' requirement.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bd2x7cz62n5n1st2q50282983q3hq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments