Is dimillian/app-store-changelog safe?

https://github.com/openclaw/skills/tree/main/skills/dimillian/app-store-changelog

98
SAFE

This is a legitimate and safe skill for generating App Store release notes from git commit history. The skill only performs read-only git operations and generates text output, with no network access or sensitive file operations.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (1)

LOW Shell script execution requested -5

The skill instructs the agent to execute a bash script (collect_release_changes.sh) to gather git commit information. While the script content is completely benign and only performs safe git operations, any shell script execution introduces theoretical risk.