ClawHub

Doro Git Essentials

v1.0.0

Essential Git commands and workflows for version control, branching, and collaboration.

0· 652·3 current·3 all-time
byMus Titou@a2mus
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the contents: the skill is a Git command reference and it only requires the 'git' binary. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md is a straightforward Git guide. It instructs running commands that modify local state (~/.gitconfig via git config --global, working tree, commits, branches) and remote state (git push, git push --force, git remote set-url). These are expected for a Git guide but are potentially destructive; the skill does not try to read unrelated files or send data to external endpoints beyond standard git remotes.
Install Mechanism
No install spec and no code files — lowest-risk form. Note: registry metadata at the top of the package and the embedded _meta.json show different ownerId/slug values (registry: 'doro-git-essentials', ownerId kn7ervna...; _meta.json: slug 'git-essentials', ownerId kn7anq2d...), which is a minor inconsistency in metadata but does not affect behavior since there is no install step or external download.
Credentials
No environment variables, credentials, or config paths are requested. The SKILL.md does not reference secrets or access tokens. The only side-effects are standard git operations that use whatever repo/remotes the user provides.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent presence or modify other skills or system-wide settings. The only persistent change it suggests is modifying the user's Git config (~/.gitconfig), which is expected for initial Git setup.
Assessment
This skill is an offline instruction-only Git reference (no code to install, no external downloads, no credentials requested). It is coherent with its purpose. Before using it: (1) be aware many commands are destructive (git reset --hard, git push --force, git clean -fdx) and will alter or permanently remove local/remote data — run them only if you understand the effect; (2) git config --global writes to ~/.gitconfig (expected); (3) verify the publisher/owner if provenance matters — the embedded _meta.json differs from the registry metadata (slug/ownerId mismatch), which is a packaging inconsistency (not a behavioral risk here but worth confirming); (4) because the skill can be invoked by an agent, avoid allowing automated runs to execute destructive commands on repositories you care about.

Like a lobster shell, security has layers — review code before you run it.

latestvk97csb8qeve0n7e2xp9e8h939581vd0j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌳 Clawdis
Binsgit

Comments