Commit Message Generator

Pass

Audited by VirusTotal on May 5, 2026.

Overview

Type: OpenClaw Skill
Name: git-commit-gen
Version: 1.0.0

The skill bundle is a standard utility for generating conventional commit messages from git diffs. It contains only metadata and instructions (SKILL.md) for an AI agent to execute git commands (e.g., 'git diff --staged') and format the output. There is no executable code, no evidence of data exfiltration, and no malicious prompt injection.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may inspect staged or branch changes in the current repository to prepare a commit message.

Why it was flagged

The skill expects the agent to run read-only Git diff commands. This is central to the commit-message-generation purpose and is not shown as destructive or automatic beyond the user-invoked task.

Skill content

Read `git diff --staged` and generate a commit message.

Recommendation

Use it in repositories where you are comfortable having the agent read the relevant diff, and review any suggested commit command before running it.

What this means

Private repository changes could be exposed to the agent/model context while generating the message.

Why it was flagged

Git diffs can include proprietary code, internal filenames, configuration changes, or accidentally staged secrets that would be placed into the agent context for analysis.

Skill content

Reads the git diff (staged, branch, or provided inline)

Recommendation

Review staged changes first and avoid using the skill on diffs that contain secrets or sensitive proprietary content you do not want processed.

What this means

A user may be confused about whether the skill needs sensitive credentials; the reviewed instructions do not justify providing any.

Why it was flagged

These capability signals conflict with the metadata and SKILL.md, which declare no credentials or environment variables and do not describe any credential handling.

Skill content

requires-oauth-token; requires-sensitive-credentials

Recommendation

Do not provide OAuth tokens, passwords, cookies, or other credentials to this skill unless a separate, clearly reviewed artifact explains why they are needed.