Safety Report

Changelog

Name: Changelog
Author: xueyetianya

Generates changelogs by parsing commits, grouping versions, detecting breaking changes, and exporting markdown or JSON using conventional commits.

38Downloads

0Installs

0Stars

3Versions

Documentation1,163 Networking & DNS1,102 Git & Version Control784

Security Analysis

high confidence

Suspicious0.04 risk

The skill is harmless in practice (local file operations only) but its description overstates functionality — it claims commit parsing and conventional-commits support while the shipped script is just a simple local item logger, which is an incoherence you should be aware of.

Mar 15, 20262 files2 concerns

Purpose & Capabilityconcern

The skill's name/description advertise commit parsing, version grouping, detection of breaking changes, and conventional-commits support. The included script never touches git or commits and only provides a small local item list/history manager. That mismatch suggests the skill is incomplete or misleading about its capabilities.

Instruction Scopenote

SKILL.md and the script are consistent about commands, data location (~/.local/share/changelog), and behavior: run, list, add, status, export. The instructions do not perform or request any system-wide reads, network calls, or credentials. However, the documentation claims extra functionality (parsing commits) that the runtime instructions/code do not implement.

Install Mechanismok

There is no install spec; the skill is instruction-only plus a small shell script. Nothing is downloaded or written beyond creating its own data directory under the user's XDG_DATA_HOME/HOME.

Credentialsok

The skill requests no environment variables, no credentials, and no config paths beyond its own data directory. The only runtime dependency observed is an optional python3 invocation for JSON export, which reads only the local items file.

Persistence & Privilegeok

The skill does not request always: true, does not modify other skills or global agent settings, and only creates/uses files under ~/.local/share/changelog (its own data dir).

Guidance

This skill appears safe to run: it only reads/writes files under your home data dir and spawns python3 during export. However, it is misleading: the README claims Git commit parsing and conventional-commits features that the included script does not implement. If you intended to use it for automated changelog generation from git history, do not rely on this skill as-is — either inspect and extend the script yourself or use a known tool (e.g., conventional-changelog, git-cliff). Also note there's no homepage or known publisher metadata, so verify the code and provenance before using it in CI pipelines or granting it broader access.

Latest Release

v1.0.2

Standards compliance: unique content, no template text

More by @xueyetianya

Gpt

0 stars

Campaign

0 stars

Orders

0 stars

Trend

0 stars

Passgen

0 stars

Nlp

0 stars

Published by @xueyetianya on ClawHub