Git Standup
PassAudited by ClawScan on May 1, 2026.
Overview
Git Standup appears purpose-aligned for generating Git-based work reports, but it can summarize private repository history and its direct-use instructions point to code outside the submitted package.
This skill looks reasonable for generating work reports from Git history. Before installing or using it, remember that Git commit history can reveal private project details, so limit the repository paths and review any generated report before sharing. If you use the README’s direct GitHub clone instructions, inspect that external code first because it is not included in the submitted package.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The generated report may include private commit messages, issue references, authorship details, and work activity from selected repositories.
The command can read user-specified repository paths and write a report to a user-specified file. This is expected for a Git standup tool, but users should scope paths and outputs carefully.
| `--repos` | 指定多个仓库路径 | | `--output` | 输出文件路径 |
Use it only on repositories and date ranges you intend to summarize, choose a safe output path, and review the report before sharing it.
If a user follows the direct-use instructions, they may run code that was not included in the reviewed artifact set.
The README provides a direct-use path that clones and runs code from an external GitHub repository, while the submitted package has no included bin/daily-standup executable and registry source/homepage are not declared. The action is user-directed, not automatic.
git clone https://github.com/kimi-claw/skill-git-standup.git cd skill-git-standup ./bin/daily-standup --help
Prefer the registry-installed skill for normal use, or inspect and pin the external repository before cloning and running its script.