diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json
index ebb5c35..f70c28a 100644
--- a/.claude-plugin/marketplace.json
+++ b/.claude-plugin/marketplace.json
@@ -6,7 +6,7 @@
   },
   "metadata": {
     "description": "Skills shared by Baoyu for improving daily work efficiency",
-    "version": "1.51.0"
+    "version": "1.51.1"
   },
   "plugins": [
     {
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 27c824d..882bc3a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,18 @@
 
 English | [中文](./CHANGELOG.zh.md)
 
+## 1.51.1 - 2026-03-06
+
+### Refactor
+- Unify Chrome CDP profile path — all skills now share `baoyu-skills/chrome-profile` instead of per-skill directories
+- Fix `baoyu-post-to-weibo` incorrectly reusing `x-browser-profile` path
+
+### Fixes
+- Remove `curl | bash` remote code execution pattern from all install instructions
+- Enforce HTTPS-only for remote image downloads in `md-to-html` scripts
+- Add redirect limit (max 5) to prevent infinite redirect loops
+- Add Security Guidelines section to CLAUDE.md
+
 ## 1.51.0 - 2026-03-06
 
 ### Features
diff --git a/CHANGELOG.zh.md b/CHANGELOG.zh.md
index b7ab9ed..6b03ab5 100644
--- a/CHANGELOG.zh.md
+++ b/CHANGELOG.zh.md
@@ -2,6 +2,18 @@
 
 [English](./CHANGELOG.md) | 中文
 
+## 1.51.1 - 2026-03-06
+
+### 重构
+- 统一 Chrome CDP profile 路径——所有 skill 共享 `baoyu-skills/chrome-profile`，不再各自独立目录
+- 修复 `baoyu-post-to-weibo` 错误复用 `x-browser-profile` 路径的问题
+
+### 修复
+- 移除所有安装说明中的 `curl | bash` 远程代码执行模式
+- `md-to-html` 脚本强制仅允许 HTTPS 下载远程图片
+- 添加重定向次数限制（最多 5 次），防止无限重定向
+- 在 CLAUDE.md 中新增安全准则章节
+
 ## 1.51.0 - 2026-03-06
 
 ### 新功能