ClawHub

Release Notes

v1.0.0

Generate structured, professional Release Notes / Changelog from a raw commit log. Automatically categorizes commits into Breaking Changes, Features, and Fix...

0· 34·0 current·0 all-time
byXudong Guo@sunny0826
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md only asks the agent to accept raw commit text and produce categorized release notes. There are no unrelated env vars, binaries, or config paths requested.
Instruction Scope
Instructions are narrowly scoped to parsing and reformatting commit messages. The SKILL.md explicitly forbids fetching external URLs or executing embedded commands and asks the user to paste logs. It does not instruct reading files, accessing system state, or exfiltrating data.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing will be written to disk or fetched at install time.
Credentials
The skill requests no environment variables, credentials, or config paths. Its stated functionality does not require secrets or external service access.
Persistence & Privilege
always is false and there is no install-time persistence. The skill does not request elevated or cross-skill configuration changes.
Assessment
This skill appears coherent and low-risk: it is instruction-only, asks you to paste commit logs, and explicitly forbids fetching external URLs or executing embedded commands. Before using it, do not paste any sensitive tokens, private keys, or internal-only identifiers into the commit text you provide (the skill will treat pasted content as data to reformat). Note that because the skill cannot fetch commit/PR links, any link or commit-hash it includes will be taken from the text you supply or may be represented as a placeholder; the agent may also hallucinate missing details, so verify the generated notes before publishing. If you need the skill to include real PR links or hashes, provide them in the pasted input rather than a repository URL. Finally, although this evaluation is high-confidence, remember that any AI-generated changelog should be reviewed for accuracy and sensitive content before release.

Like a lobster shell, security has layers — review code before you run it.

latestvk974sz0mnyywc9d5rbtv9mj8dn843gvv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments