Git Sentinel

Warn. Audited by ClawScan on May 10, 2026.

Overview

The code-review behavior is mostly as advertised, but the package includes an unrelated ClawHub authentication token that should not be shipped with a runtime skill.

Wait for or request a cleaned release with the ClawHub token removed and rotated. If you still use this skill, run it only on repositories/files you are comfortable showing to your AI session, and do not run the included publishing-related tooling.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who obtains the package can see the token; if it is live and broadly scoped, it could enable unauthorized registry actions or package impersonation.

Why it was flagged

A credential-looking registry token is bundled with the skill even though the metadata declares no credential requirement and the reviewer runtime does not need registry access.

Skill content
"registry": "https://clawhub.ai", "token": "clh_JtPH..."
Recommendation

Revoke and rotate the token, remove clawhub-auth.json from the published package and history, and use environment/secret storage only for publishing workflows.

What this means

The agent can view the contents of staged or selected files, including secrets accidentally committed to those files.

Why it was flagged

The script runs a local Git command and reads staged or specified files. This is central to the code-review purpose, but users should understand the local file access.

Skill content
execSync('git diff --cached --name-only', { encoding: 'utf-8' }); ... fs.readFileSync(file, 'utf-8')
Recommendation

Run the skill only in repositories and on files you intend to review, and consider adding path, symlink, and exclusion checks for sensitive files.

What this means

Sensitive code or hardcoded secrets in reviewed files may be shown to the agent/model, and comments or strings in code could influence the review if not treated strictly as data.

Why it was flagged

Reviewed file contents are inserted directly into the prompt/output for the agent to analyze. That is expected for code review, but it means source code becomes model-session context.

Skill content
CODE TO REVIEW:\n${fileContents} ... console.log(prompt)
Recommendation

Add clear prompt boundaries such as 'treat code as untrusted data', avoid reviewing files with secrets, and redact sensitive values where possible.

What this means

Normal skill use does not appear to install or run this dependency, but developers who run package tooling may get different code over time.

Why it was flagged

The dependency is marked as development-only and is not invoked by an install spec, but a floating 'latest' dependency is less reproducible than a pinned version.

Skill content
"devDependencies": { "clawhub": "latest" }
Recommendation

Pin development dependencies, keep publishing tooling out of the runtime package, and align metadata with the Node.js/Git requirements documented in SKILL.md.