Git Repo Auditor Review
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent local Git auditing tool; the main caution is that its reports may include secret values found in repository history.
This skill appears safe for its stated purpose. Before installing or running it, remember that it scans Git history and may print or save snippets of real secrets it finds, so keep reports private and rotate any exposed credentials.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the repository contains leaked secrets, the audit report itself may become sensitive and should not be shared broadly.
The scanner records part or all of each detected secret match in its output data. This is purpose-aligned for secret auditing, but generated terminal output or JSON reports may contain real credentials or tokens.
"match": match.group(0)[:50] + ("..." if len(match.group(0)) > 50 else "")
Protect generated reports, avoid publishing scan output, and rotate any real secrets that are detected.
The tool can read files and historical commits in the repository path provided by the user.
The skill invokes local git commands to inspect repository metadata and history. This is central to the stated auditing purpose and does not use shell=True, but it still gives the tool access to the selected repository's contents and history.
subprocess.run(["git"] + args, cwd=cwd, capture_output=True, text=True, timeout=30)
Run it only on intended local repositories and review report destinations, especially when using JSON output in automation.
