openclaw-changelog-update
Regenerate OpenClaw release changelog sections from git history before beta or stable releases.
Install caution
Risk: Medium
Source: OpenClaw Built-in Skills
Path: .agents/skills/openclaw-changelog-update/SKILL.md
Review flags: filesystem/home-directory access, network access or external URLs, shell command snippets. These are review signals, not definitive security judgments; inspect before installing.
Required permissions
- • Environment variables / secrets
- • Shell commands
- • Network/API usage
- • Filesystem/home access
Permissions are inferred from SKILL.md text only. They are review prompts, not guarantees about runtime behavior.
Risk flags explained
Mentions filesystem writes, deletes, home-directory paths, or config/key locations.
Mentions external URLs, network APIs, downloads, or HTTP client usage.
Contains shell command snippets. Review commands before copy/paste or agent execution.
Score explanation
Trust
- • Trust starts at 90 before review-signal penalties and metadata bonuses.
- • Risk-signal penalty: -33 from 3 detected flag(s).
- • Metadata bonus: +2 from author/version/description fields.
Utility
- • Utility starts at 55 and rewards clear descriptions, runnable examples, and explicit setup needs.
- • Description present: yes.
- • Command examples detected: 7.
- • Environment variables detected: 1.
Momentum
- • Momentum starts at 45 and uses public repo activity signals.
- • Recent commit activity: latest repo update was 0 day(s) ago.
- • Recent commit volume: 100 commit(s) in the lookback window (+20).
- • Source has strong public adoption: 379781 stars.
- • Fork activity suggests reuse: 79500 forks.
Overall
- • Overall score weights trust 45%, utility 35%, and momentum 20%.
Detected signals
Env vars
- • API
Commands
- • @openclaw
- • node .agents/skills/openclaw-changelog-update/scripts/verify-release-notes.mjs --base <base-tag> --target <target-ref> --version <YYYY.M.PATCH> --manifest /tmp/openclaw-release-<YYYY.M.PATCH>.json --write-ledger
- • node .agents/skills/openclaw-changelog-update/scripts/verify-release-notes.mjs --base <base-tag> --target <target-ref> --version <YYYY.M.PATCH> --release-tag v<YYYY.M.PATCH> --check-github
- • npm view
- • openclaw/imsg#141
- • openclaw/openclaw
- • release-openclaw-maintainer
URLs
None detected in SKILL.md text scan.
Provenance & evidence
SkillRadar makes each review traceable back to the exact source path, source blob SHA, scanner version, and text-only policy that produced the report.
Evidence snippets
…rsion <YYYY.M.PATCH> \ --manifest /tmp/openclaw-release-<YYYY.M.PATCH>.json \ --write-ledger ``` - the manifest is the required input to the rewrite, not an after-the-f…
…eing released. ## Workflow 1. Start on `main` before branching when possible: - `git fetch --tags origin` - `git pull --ff-only` - confirm clean `git status -sb` 2. Audit his…
…complete contribution record and editorial manifest before writing grouped prose: ```bash node .agents/skills/openclaw-changelog-update/scripts/verify-release-notes.mjs \…
Watch this skill
Get alerted when this skill adds credential requirements, shell commands, external domains, remote installer patterns, or risk-level changes.
Join watchlist betaMethodology note
SkillRadar scans SKILL.md as hostile text only. It does not execute commands, install packages, or load third-party skills.