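Commit Reviewer (Commit Fix Check)
v1.1.0
Given one or more git revisions and a requirement description, checks whether the commits actually fix the corresponding bug, and gives an item-by-item conclusion.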
by carpe @carpedx
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description ask for checking git commits; required binaries (git, bash, find, sed, grep, sort) and the provided script implement scanning repos and printing commit diffs and metadata — all necessary and proportionate to the stated purpose.
Instruction Scope
SKILL.md and the entrypoint script limit analysis to repository data and diffs, and correctly require a user-provided bug description before drawing conclusions. Note: the script scans a work root for repositories and prints repository context including remote URLs and commit author info, which may expose sensitive repository metadata if run against a large or unexpected filesystem root.
Install Mechanism
No install spec; instruction-only with a bundled shell script. This is lowest-risk installation surface — the script runs locally and nothing is downloaded from external URLs.
Credentials
No secrets or credentials required. Optional environment variables (COMMIT_REVIEWER_WORK_ROOT, COMMIT_REVIEWER_SCAN_DEPTH, COMMIT_REVIEWER_PATCH_LINES) are appropriate. Be aware that the script reads the filesystem (work root) and the HOME expansion — scanning an entire home/workspace may reveal many repos and metadata.
Persistence & Privilege
Skill is not marked always:true and doesn't modify system or other skills. It runs as an on-demand script and does not request persistent privileges.
Assessment
This skill appears to do what it says: run locally, find the repository that contains the given commit(s), and print repository context and a limited patch for human review. Before running: (1) Prefer invoking it from inside the target repo or set COMMIT_REVIEWER_WORK_ROOT to a narrow workspace to avoid scanning your entire home directory; (2) be aware the output includes remote URLs and commit author emails — don't run it against private/sensitive repos unless you trust the environment; (3) the script executes git commands locally (no network uploads) but will reveal repo metadata, so review the bundled script if you have stricter security policies; (4) consider lowering COMMIT_REVIEWER_PATCH_LINES to reduce the amount of code printed if you want to limit exposure of large diffs.
Like a lobster shell, security has layers — review code before you run it.
code-review, commit, debug, developer, git, latest, review
Runtime requirements
Bins: bash, git, find, sed, grep, sort
