Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Git Batch Commit
v1.2.4 A smart tool that automatically classifies staged files by type and generates multiple logically clear Git commits, keeping the commit history standardized and focused.
⭐ 0 · 143 · 1 current · 1 all-time
by xierluo@cat-xierluo
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
Name/description match the delivered artifacts: scripts analyze staged files, group by type, generate conventional commit messages, and create commits. Requesting no credentials and no external binaries is proportional. However, the SKILL.md also documents a post-commit 'ClawHub sync' flow that can add entries to a sync whitelist and run publish steps — this goes beyond simple commit-splitting and increases potential impact on repository metadata and release workflows.
Instruction Scope
Runtime instructions and bundled scripts operate on the local git repository (reading diffs, creating commits), which is expected. Concerns:
(1) SKILL.md specifies a silent check that will 'do nothing' if skills/clawhub-sync/ is absent — silent behavior can hide branching logic.
(2) SKILL.md describes modifying sync-allowlist.yaml and executing prepare-publish/publish when the user confirms — these are repository-modifying actions outside pure commit creation and should be visible and audited.
(3) The code contains a hardcoded absolute cwd in is_new_skill_being_added (subprocess.run uses a path under /Users/maoking/...), which is non-portable and unexpected for a general-purpose tool and could cause accidental information probing or misbehavior on hosts where that path exists.
Install Mechanism
No install spec (instruction-only plus bundled scripts). This is low risk in terms of automatic installation since nothing is being downloaded or extracted. The tool executes local git and Python scripts — expected for this purpose.
Credentials
The skill requests no environment variables or credentials, which is appropriate. It does rely on git being available and on local filesystem access to repository files (SKILL.md, skills/*), which is necessary for the stated function.
Persistence & Privilege
The skill is not marked always:true and is user-invocable — normal. However, SKILL.md documents optional post-commit actions that will edit repository files (e.g., adding to sync-allowlist.yaml) and invoke publish workflows if the user consents; that increases the scope of changes the tool may make to the repo and to any downstream publish process, so users should audit those steps and confirm consent before enabling them.
Scan Findings in Context
[ABSOLUTE_CWD_HARDCODE] unexpected: generate_commit_message.py:is_new_skill_being_added calls git cat-file with cwd set to '/Users/maoking/Library/Application Support/maoscripts/skills/legal-skills'. A git helper should operate relative to the current repo, not a hardcoded user path. This is non-portable and may cause unexpected probing or errors on different hosts.
[GIT_SUBPROCESS_EXEC] expected: Scripts use subprocess.run to invoke git (diff, diff --cached, commit, reset, cat-file). This is expected for a tool that analyzes staged changes and creates commits.
[DOCUMENTED_AUTOMATED_SYNC] unexpected: SKILL.md documents automatically adding entries to sync-allowlist.yaml and running prepare-publish/publish when the user confirms a ClawHub sync. The provided scripts do not appear to implement that full flow; the documentation implies repository metadata edits and automated publishing which have broader side effects and require careful user consent and audit.
What to consider before installing
This skill appears to implement the batch-commit functionality it advertises, but there are a few red flags to check before installing or running it on important repositories:
1) Inspect and remove/fix the hardcoded absolute path in generate_commit_message.py (is_new_skill_being_added) — it should operate relative to the repository, not a fixed user directory.
2) Run the tool first with --dry-run to see the grouping output and verify it won't modify files you didn't expect.
3) Do not use --yes (automatic confirmation) until you trust the behavior; confirm interactively so you can review each commit.
4) Review SKILL.md's 'ClawHub sync' section: if you have a skills/clawhub-sync/ directory, understand exactly what changes the tool will make (it may add lines to whitelist files and trigger publish scripts). If you do not want any repo metadata edits or publishing, remove or disable that step.
5) If you plan to run this in CI or automated contexts, test it first in a disposable clone or container.
If you're not comfortable auditing Python, ask a colleague to review the two functions that call external commands and any code path that can write to repository files.