Git Guardian
Pass
Audited by ClawScan on May 10, 2026.
Overview
Git Guardian is a coherent git-review helper; its main risk is that it can stage, commit, stash, and push repository changes when used.
This skill appears safe for its stated purpose if you want agent changes tracked in git. Before approving commit or finish steps, check the full diff, confirm the branch and remote, and make sure secrets or unrelated local changes are not being staged.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run carelessly, the skill could commit or push files the user did not intend to include.
The helper stages all repository changes, creates commits, and pushes branches. This matches the git-review purpose, but it is broad enough to include unrelated or unintended files if the user has not reviewed the diff carefully.
git add -A ... git commit -m "$MSG" ... git push origin "$BRANCH" 2>&1
Review the full diff and git status before approving commits, keep secrets in .gitignore, and consider path-limited staging for sensitive repositories.
The branch may be published to the configured remote repository under the user’s git account.
Pushing to origin uses the user’s configured git identity and remote repository permissions. This is expected for the stated workflow, and no credential capture or token handling is shown.
git push origin <branch-name>
Confirm the current repository, branch, and origin remote before allowing the skill to finish and push changes.
Users may need to manually verify the script and ensure git is available in the environment.
The skill has limited provenance metadata and does not declare required git/bash binaries, even though it includes a shell helper. The provided script is small and reviewable, so this is a transparency note rather than a security concern.
Source: unknown
Homepage: none
Required binaries (all must exist): none
Install specifications: No install spec
Review the included script before use and install only in environments where git operations are expected.
