← 返回 Skills 市场
Product Changelog
作者
Ömer Karışman
· GitHub ↗
· v0.1.5
675
总下载
0
收藏
3
当前安装
2
版本数
在 OpenClaw 中安装
/install product-changelog
功能描述
Product changelog and release notes that users actually read. Covers categorization, user-facing language, visuals, and distribution. Use for: release notes,...
安全使用建议
This skill is an instruction-only helper for writing changelogs and optionally generating visuals via the third-party inference.sh CLI. Before running anything: (1) verify you trust the inference.sh domain and the dist.inference.sh checksums rather than blindly running curl | sh; consider manual download and checksum verification; (2) be aware infsh login will create credentials for that external service — treat those like any API key; (3) if you prefer safer testing, run the install and visual-generation commands in an isolated environment (container or VM); (4) if you need stronger assurance, ask the publisher for an authoritative homepage or code repo (the skill lists no source/homepage). If the inference.sh domain or the referenced app names are unfamiliar or untrusted, treat the install step as potentially risky.
功能分析
Type: OpenClaw Skill
Name: product-changelog
Version: 0.1.5
The skill is classified as suspicious due to two main factors. First, the `SKILL.md` instructs users to install the `inference.sh` CLI via `curl -fsSL https://cli.inference.sh | sh`. While the skill includes a disclaimer about the script's safety, this 'pipe to shell' method is an inherent supply chain risk, as it executes arbitrary code from a remote source without prior inspection. Second, the skill allows the agent to use `infsh app run infsh/agent-browser` to visit arbitrary URLs and take screenshots. This capability, while intended for legitimate purposes like generating feature visuals, introduces a potential Server-Side Request Forgery (SSRF) or information disclosure vulnerability if the agent is prompted to visit malicious or internal network URLs without proper input sanitization or sandboxing. There is no direct evidence of malicious intent, but these practices present significant security risks.
能力评估
Purpose & Capability
Name/description (writing changelogs, release notes, visuals) matches the instructions: the SKILL.md focuses on writing guidance plus generating visuals via inference.sh commands. The external visual-generation steps are coherent with the stated purpose.
Instruction Scope
SKILL.md stays on-topic: formatting guidance, categories, versioning, and examples for generating images via infsh app run. It does not instruct reading unrelated files, exporting secrets, or contacting endpoints outside of the visual/CLI workflow.
Install Mechanism
The skill itself has no install spec (lowest risk), but the runtime docs recommend piping a remote install script (curl https://cli.inference.sh | sh) and running infsh commands that fetch/execute apps. This is expected for the described visual generation, but piping a remote script is higher-risk in general — the doc claims checksums are available at dist.inference.sh which mitigates risk if verified.
Credentials
The skill declares no required env vars or credentials. It shows commands like infsh login which imply separate credentials to the inference.sh service, but the skill does not request unrelated secrets or multiple external credentials.
Persistence & Privilege
No persistent/install behavior is declared in the registry; always is false and the skill does not request elevated or cross-skill configuration changes. Autonomy (model invocation) is allowed by default but not combined with other red flags.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install product-changelog - 安装完成后,直接呼叫该 Skill 的名称或使用
/product-changelog触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.5
- Initial release of product-changelog skill for generating user-friendly product changelogs and release notes.
- Provides clear guidelines for categorizing changes (New, Improved, Fixed, Removed, Security).
- Emphasizes user-facing language and benefits over internal technical details.
- Offers templates and examples for changelog structure, visual changelogs, and social media snippets.
- Includes instructions for generating visuals and distributing release notes across various channels.
v0.1.0
Initial release — product-changelog 0.1.0
- Provides clear guidelines for writing user-friendly changelogs and release notes.
- Includes best practices for categorizing changes (New, Improved, Fixed, Removed, Security).
- Offers templates for changelog structure, visuals, versioning, and distribution channels.
- Details rules for user-facing language, frequency, and common mistakes to avoid.
- Supports visual changelog generation using inference.sh CLI commands.
元数据
常见问题
Product Changelog 是什么?
Product changelog and release notes that users actually read. Covers categorization, user-facing language, visuals, and distribution. Use for: release notes,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 675 次。
如何安装 Product Changelog?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install product-changelog」即可一键安装,无需额外配置。
Product Changelog 是免费的吗?
是的,Product Changelog 完全免费(开源免费),可自由下载、安装和使用。
Product Changelog 支持哪些平台?
Product Changelog 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Product Changelog?
由 Ömer Karışman(@okaris)开发并维护,当前版本 v0.1.5。
推荐 Skills