AI Commit Message Generator

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only skill is coherent for generating Git commit messages, but it can read staged code and create or amend local commits when invoked.

This looks safe for normal Git commit assistance. Before installing or using it, make sure you are comfortable with the agent reading your staged diff and potentially creating or amending a local commit; use dry-run and review staged files if there is any uncertainty.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Invoking the skill may create a local commit, and using --amend may rewrite the previous local commit.

Why it was flagged

The skill instructs the agent to run Git commands that mutate the local repository by creating a commit; this is expected for the stated purpose but should remain user-directed.

Skill content

git commit -m "type(scope): subject" [-m "optional body"]

Recommendation

Use /commit --dry-run when unsure, review staged files first, and use --amend only when you intentionally want to modify the previous commit.

What this means

Sensitive information accidentally staged in a diff could be exposed to the agent while it generates the commit message.

Why it was flagged

The skill reads staged diffs so the agent can analyze code changes; this is necessary for commit-message generation, but any secrets or sensitive code in the staged diff may enter the agent context.

Skill content

git diff --staged

Recommendation

Review staged changes for secrets or private data before running the skill, and avoid staging files that should not be analyzed.