Git Workflow

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Unintended files, generated outputs, secrets, or unfinished changes could be committed and pushed to a remote repository.

Why it was flagged

The default documented workflow can stage every changed file, create a commit, and push it to a remote. The artifacts do not require a user review or approval checkpoint before these high-impact actions.

Skill content

Core capabilities: ... Automatically push to the remote repository ...

# Add all changes
git add .
...
# Commit
git commit -m "提交信息"

# Push
git push

Recommendation

Require the agent to show `git status` and `git diff`, list the exact files, commit message, target branch, and remote, then ask for explicit approval before any `git add`, `git commit`, or `git push`. Prefer file allowlists over `git add .`.

What this means

A mistaken file selection or commit message could affect several projects or expose configuration/memory files across remotes.

Why it was flagged

The skill explicitly supports committing and pushing across multiple repositories, including memory/config and business-related repositories, but does not define a repository allowlist or containment rules.

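Skill content

### Example 2: Multi-repository management
...
1. Identify which repository each file belongs to
2. Commit to the corresponding repository separately
3. Push separately

**Repository examples**:
- Jarvis: memory, configuration
- Stock-Analysis: stock analysis code
- Amazon-Analyzer: Amazon operations tools

Recommendation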

Limit the skill to user-selected repositories and require per-repository confirmation before committing or pushing. Avoid automatic multi-repo push workflows.

What this means

The agent may publish changes using the user's Git identity and access rights.

Why it was flagged

Remote pushes will rely on the user's configured Git credentials, token, or SSH key. This is expected for a Git workflow skill, but users should recognize it acts with their repository privileges.

Skill content

Error 2: Push failed
...
1. Check Git credentials
2. Use a token instead of a password
3. Configure an SSH key

Recommendation

Use least-privilege Git credentials, verify the target remote and branch, and do not allow unattended pushes to sensitive repositories.