Product Changelog
by Ömer Karışman · v0.1.5
675 Downloads · 0 Stars · 3 Active Installs · 2 Versions
Install in OpenClaw
/install product-changelog
Description
Product changelog and release notes that users actually read. Covers categorization, user-facing language, visuals, and distribution. Use for: release notes,...
Usage Guidance
This skill is an instruction-only helper for writing changelogs and optionally generating visuals via the third-party inference.sh CLI. Before running anything: (1) verify you trust the inference.sh domain and the dist.inference.sh checksums rather than blindly running curl | sh; consider manual download and checksum verification; (2) be aware infsh login will create credentials for that external service — treat those like any API key; (3) if you prefer safer testing, run the install and visual-generation commands in an isolated environment (container or VM); (4) if you need stronger assurance, ask the publisher for an authoritative homepage or code repo (the skill lists no source/homepage). If the inference.sh domain or the referenced app names are unfamiliar or untrusted, treat the install step as potentially risky.
Capability Analysis
Type: OpenClaw Skill
Name: product-changelog
Version: 0.1.5
The skill is classified as suspicious due to two main factors. First, the `SKILL.md` instructs users to install the `inference.sh` CLI via `curl -fsSL https://cli.inference.sh | sh`. While the skill includes a disclaimer about the script's safety, this 'pipe to shell' method is an inherent supply chain risk, as it executes arbitrary code from a remote source without prior inspection. Second, the skill allows the agent to use `infsh app run infsh/agent-browser` to visit arbitrary URLs and take screenshots. This capability, while intended for legitimate purposes like generating feature visuals, introduces a potential Server-Side Request Forgery (SSRF) or information disclosure vulnerability if the agent is prompted to visit malicious or internal network URLs without proper input sanitization or sandboxing. There is no direct evidence of malicious intent, but these practices present significant security risks.
Capability Assessment
Purpose & Capability
Name/description (writing changelogs, release notes, visuals) matches the instructions: the SKILL.md focuses on writing guidance plus generating visuals via inference.sh commands. The external visual-generation steps are coherent with the stated purpose.
Instruction Scope
SKILL.md stays on-topic: formatting guidance, categories, versioning, and examples for generating images via infsh app run. It does not instruct reading unrelated files, exporting secrets, or contacting endpoints outside of the visual/CLI workflow.
Install Mechanism
The skill itself has no install spec (lowest risk), but the runtime docs recommend piping a remote install script (curl https://cli.inference.sh | sh) and running infsh commands that fetch/execute apps. This is expected for the described visual generation, but piping a remote script is higher-risk in general — the doc claims checksums are available at dist.inference.sh which mitigates risk if verified.
Credentials
The skill declares no required env vars or credentials. It shows commands like infsh login which imply separate credentials to the inference.sh service, but the skill does not request unrelated secrets or multiple external credentials.
Persistence & Privilege
No persistent/install behavior is declared in the registry; `always` is false and the skill does not request elevated or cross-skill configuration changes. Autonomy (model invocation) is allowed by default but not combined with other red flags.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install product-changelog`
- After installation, invoke the skill by name or use `/product-changelog`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.5
- Initial release of product-changelog skill for generating user-friendly product changelogs and release notes.
- Provides clear guidelines for categorizing changes (New, Improved, Fixed, Removed, Security).
- Emphasizes user-facing language and benefits over internal technical details.
- Offers templates and examples for changelog structure, visual changelogs, and social media snippets.
- Includes instructions for generating visuals and distributing release notes across various channels.
v0.1.0
Initial release — product-changelog 0.1.0
- Provides clear guidelines for writing user-friendly changelogs and release notes.
- Includes best practices for categorizing changes (New, Improved, Fixed, Removed, Security).
- Offers templates for changelog structure, visuals, versioning, and distribution channels.
- Details rules for user-facing language, frequency, and common mistakes to avoid.
- Supports visual changelog generation using inference.sh CLI commands.
Frequently Asked Questions
What is Product Changelog?
Product changelog and release notes that users actually read. Covers categorization, user-facing language, visuals, and distribution. Use for: release notes,... It is an AI Agent Skill for Claude Code / OpenClaw, with 675 downloads so far.
How do I install Product Changelog?
Run "/install product-changelog" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Product Changelog free?
Yes, Product Changelog is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Product Changelog support?
Product Changelog is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Product Changelog?
It is built and maintained by Ömer Karışman (@okaris); the current version is v0.1.5.