Commit Message Generator
PassAudited by ClawScan on May 5, 2026.
Overview
This instruction-only skill is coherently focused on reading Git diffs to draft commit messages, with no code install or credential use shown.
This skill appears safe and purpose-aligned for drafting commit messages. Before using it, make sure your staged diff does not contain secrets or highly sensitive code, and do not provide credentials because the reviewed instructions do not require them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may inspect staged or branch changes in the current repository to prepare a commit message.
The skill expects the agent to run read-only Git diff commands. This is central to the commit-message-generation purpose and is not shown as destructive or automatic beyond the user-invoked task.
Read `git diff --staged` and generate a commit message.
Use it in repositories where you are comfortable having the agent read the relevant diff, and review any suggested commit command before running it.
Private repository changes could be exposed to the agent/model context while generating the message.
Git diffs can include proprietary code, internal filenames, configuration changes, or accidentally staged secrets that would be placed into the agent context for analysis.
Reads the git diff (staged, branch, or provided inline)
Review staged changes first and avoid using the skill on diffs that contain secrets or sensitive proprietary content you do not want processed.
A user may be confused about whether the skill needs sensitive credentials; the reviewed instructions do not justify providing any.
These capability signals conflict with the metadata and SKILL.md, which declare no credentials or environment variables and do not describe any credential handling.
requires-oauth-token; requires-sensitive-credentials
Do not provide OAuth tokens, passwords, cookies, or other credentials to this skill unless a separate, clearly reviewed artifact explains why they are needed.