Nm Sanctum Commit Messages

Pass

Audited by ClawScan on May 9, 2026.

Overview

This instruction-only skill is coherent for generating commit messages, but it will read staged Git changes and write a local commit message preview file.

This skill appears safe and purpose-aligned. Before using it, make sure your staged Git changes do not contain secrets or private content you do not want the agent to inspect, and check the generated `commit_msg.txt` before using it.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may inspect staged source changes, which could include private code or accidentally staged secrets, and create or overwrite a local `commit_msg.txt` file.

Why it was flagged

The skill directs the agent to run local Git commands that read staged repository changes and recent commit history, then write a local preview file. This is aligned with generating a commit message, but users should notice the local command and file-write behavior.

Skill content

- `git status -sb`
- `git diff --cached --stat`
- `git diff --cached`
- `git log --oneline -5`
...
5. **Write** to `./commit_msg.txt` and preview.

Recommendation

Use this only in repositories where you are comfortable letting the agent inspect staged changes, and review staged files plus the generated `commit_msg.txt` before committing.