← 返回 Skills 市场
tenkus47

sprint-release-notes

作者 tenkus47 · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
86
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install sprint-release-notes
功能描述
Automatically generate sprint release notes from a GitHub Project Board and publish to their respective repositories. Groups completed items by repository, g...
安全使用建议
Things to consider before installing or running this skill: - It requires a GitHub Personal Access Token (PAT) with repository (write) and Projects access to create/update Releases. The registry metadata does NOT declare this; expect the skill to ask you for the PAT at runtime or to read it from the included references/config.yaml file. - The package includes a sample references/config.yaml where users might be tempted to paste their PAT. Storing long-lived tokens in plaintext files is risky; prefer using a short-lived token or entering the token interactively and avoid committing it to disk or version control. - The code and instructions are coherent with the stated purpose (reading ProjectV2, PRs, commits, README, creating Releases), but the presence of a Discord webhook entry in references/config.yaml is not documented in SKILL.md. Confirm whether the script actually sends data to that webhook before providing secrets — this could be an unexpected external sink. - Run the included script with --dry-run first (the run script defaults to dry-run) and review generate_release_notes.py fully to confirm where it posts outputs and whether it transmits anything outside GitHub. - Restrict the PAT's scope and lifetime (limit to only the repos/orgs needed, consider a repo-scoped token or a token with minimal write scope), and monitor its usage. If you cannot verify why the token is required or where outputs go (especially to the webhook), do not provide a PAT. - Ask the publisher to update the registry metadata to declare the required credential and to document webhook behavior explicitly. If you want higher assurance, request that the skill avoid storing credentials in local files and only accept tokens interactively or via well-documented environment variables.
功能分析
Type: OpenClaw Skill Name: sprint-release-notes Version: 1.0.1 The skill bundle is a functional tool designed to automate the generation and publication of sprint release notes from GitHub Project Boards to GitHub Releases. The core logic in `scripts/generate_release_notes.py` uses the GitHub GraphQL and REST APIs to gather sprint data, score contributors based on activity, and create release entries. While the skill requires a GitHub Personal Access Token (PAT) with broad permissions (repo scope), the code and instructions in `SKILL.md` are consistent with the stated purpose and include explicit warnings against leaking the token. No evidence of data exfiltration, malicious execution, or intentional backdoors was found, although the Python script contains some minor code duplication bugs in its markdown generation logic.
能力标签
cryptocan-make-purchasesrequires-oauth-token
能力评估
Purpose & Capability
The skill's stated purpose (read a GitHub Project board, compile per-repo release notes, and publish GitHub Releases) is coherent with the included Python script which uses the GitHub GraphQL and REST APIs. However the registry/metadata shows no required credentials or env vars while the SKILL.md explicitly requires a GitHub PAT and the scripts expect a PAT in references/config.yaml. That mismatch (manifest claiming no credentials but runtime needing a PAT with repo/write scopes) is a material inconsistency.
Instruction Scope
SKILL.md instructs the agent to query Projects v2, read PRs, commits, README and docs via the GitHub API — all within the stated purpose. The instructions also refer to local reference files (github-queries.md and contributor-scoring.md) which are present. One note: the skill's docs/README do not mention an optional Discord webhook, but references/config.yaml contains a webhook_url entry (and could be used by code paths); that introduces an extra external endpoint not described in SKILL.md.
Install Mechanism
No install spec is provided (instruction-only), and included scripts are plain Python/bash. The Python script requires the 'requests' library, which is expected. No network download/install from arbitrary URLs or package registries is present.
Credentials
The skill needs a GitHub PAT with repository and project access to function (SKILL.md specifies scopes 'repo', 'read:org', 'project'), which is appropriate for publishing releases. But the registry entry lists no required env vars and no primary credential — a mismatch that hides the need for a high-privilege token. Additionally, references/config.yaml includes an optional Discord webhook field; storing a PAT or sending data to a webhook would permit external transmission of potentially sensitive data if the code uses that webhook path.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide persistence. The included run script runs the generator in --dry-run by default. There is no evidence the skill modifies other skills or global agent configuration.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install sprint-release-notes
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /sprint-release-notes 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Version 1.0.1 - Added _meta.json to provide package metadata. - Updated scripts/generate_release_notes.py with improvements or fixes. - No user-facing workflow changes; update is primarily internal/structural.
v1.0.0
- Initial release of the Sprint Release Notes Generator skill. - Automatically generates sprint release notes from a GitHub Project Board (v2), grouping completed items by repository. - Produces and publishes per-repo markdown release notes as GitHub Releases (create or update by tag), not as files in the repo. - Deep-reads issues, PRs, commits, and docs for context, categorizes items, and recognizes top contributors. - Optionally posts a summary comment to a designated project issue. - Requires a GitHub PAT token and a GitHub Project Board URL to operate.
元数据
Slug sprint-release-notes
版本 1.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

sprint-release-notes 是什么?

Automatically generate sprint release notes from a GitHub Project Board and publish to their respective repositories. Groups completed items by repository, g... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 86 次。

如何安装 sprint-release-notes?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install sprint-release-notes」即可一键安装,无需额外配置。

sprint-release-notes 是免费的吗?

是的,sprint-release-notes 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

sprint-release-notes 支持哪些平台?

sprint-release-notes 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 sprint-release-notes?

由 tenkus47(@tenkus47)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论