← 返回 Skills 市场
quincygunter

App Store Changelog

作者 QuincyGunter · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
58
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install qui-app-store-changelog
功能描述
Create user-facing App Store release notes by collecting and summarizing all user-impacting changes since the last git tag (or a specified ref). Use when ask...
安全使用建议
This skill appears to be what it says: it runs a small git-based script to list commits and touched files and then drafts App Store release notes. Before installing or running it, be aware that: (1) the script requires git but the metadata doesn't declare that — ensure git is available where the agent runs; (2) the script will print the repository root, commit messages, and file paths, so sensitive data in commit messages or filenames could be exposed; (3) run it only on repositories you trust or in an environment where viewing repo history is acceptable. If you want extra caution, inspect the commit output produced by scripts/collect_release_changes.sh before allowing the agent to summarize or transmit those contents, or run the script locally yourself and paste only the needed output into the agent.
功能分析
Type: OpenClaw Skill Name: qui-app-store-changelog Version: 1.0.0 The skill is designed to generate App Store release notes from git history, but it contains a shell injection vulnerability in `scripts/collect_release_changes.sh`. The script passes the `since_ref` and `until_ref` arguments directly into a shell command without sanitization or quoting, which could allow arbitrary command execution if a malicious git tag or reference name is used. While the behavior aligns with the stated purpose and lacks evidence of intentional malice, the lack of input validation is a high-risk flaw.
能力评估
Purpose & Capability
The name/description match the included assets: SKILL.md describes collecting git history and summarizing user-facing changes, and the repo includes a script that runs git to produce commits and touched files. Minor inconsistency: the skill metadata lists no required binaries, but the script requires git to run; declaring git as a required binary would be expected.
Instruction Scope
SKILL.md instructs the agent to run scripts/collect_release_changes.sh from the repo root and to triage commits/files to create release notes. The collection script prints the repo root, commit messages, and file paths — expected for this task, but it may expose sensitive file paths, commit messages, or other repository contents if present. There are no instructions to read unrelated system files or transmit data to external endpoints.
Install Mechanism
There is no install spec and the skill is instruction-only with a small bundled shell script. Nothing is downloaded or written to disk by the skill itself; risk from installation is minimal.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The script simply runs git commands in the repo — its permissions are proportional to producing a changelog.
Persistence & Privilege
always is false and the skill is user-invocable. The skill does not request persistent presence or modify other skills or system configs. It does not write files or install services.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install qui-app-store-changelog
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /qui-app-store-changelog 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the app-store-changelog skill. - Generates user-facing App Store release notes by summarizing all impactful changes since the last git tag. - Automatically collects, triages, and drafts concise, benefit-focused changelogs from git history. - Excludes internal changes and technical jargon for clear communication with end users. - Follows structured workflow and best practices to ensure high-quality, accurate release notes.
元数据
Slug qui-app-store-changelog
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

App Store Changelog 是什么?

Create user-facing App Store release notes by collecting and summarizing all user-impacting changes since the last git tag (or a specified ref). Use when ask... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 58 次。

如何安装 App Store Changelog?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install qui-app-store-changelog」即可一键安装,无需额外配置。

App Store Changelog 是免费的吗?

是的,App Store Changelog 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

App Store Changelog 支持哪些平台?

App Store Changelog 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 App Store Changelog?

由 QuincyGunter(@quincygunter)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论