Git Repo Auditor
v1.0.0
Audit Git repositories for security issues, large files, sensitive data, and repository health metrics.
by Derick (@derick001)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match required artifacts: the skill requires git and python3 and the included script invokes git to enumerate commits, files, blobs, and content. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
SKILL.md and README instruct scanning local repository paths and the script reads Git history and file contents via git commands. This is expected behaviour for a repo auditor. The tool does not instruct reading unrelated system files or sending data to external endpoints.
Install Mechanism
No install spec is provided; this is an instruction-only skill that includes a Python script. Nothing is downloaded or written to system install locations by an installer.
Credentials
No environment variables or credentials are required. All operations are local and use only git and filesystem access, which is proportionate to the stated goal.
Persistence & Privilege
The skill does not request persistent or always-enabled privileges. It does not modify other skills or system-wide agent settings; it prints reports and returns JSON when requested.
Assessment
This skill appears coherent and operates locally using git and Python. Before installing or running it: (1) only scan repositories you own or have permission to inspect — the tool reads full commit history and file contents; (2) the output can contain sensitive secrets detected in commits, so avoid exposing reports to third parties and rotate any keys you discover; (3) default regexes include a very generic "generic_token" pattern that may produce many false positives — consider customizing patterns; (4) large repositories may be slow and the script limits blob checks for performance; (5) the skill's source/homepage is unknown — if you need stronger assurance, review the full scripts/main.py file locally for any network I/O or hidden behavior before use.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Bins: git, python3
