Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
git-worktree
v2.56.0
Manage Git worktrees for isolated parallel development. Use when creating, listing, switching, or cleaning up git worktrees, or when needing isolated branche...
by Ilia Alshanetsky (@iliaal)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description align with the included script: create/list/switch/cleanup worktrees and copy .env files. However, SKILL.md claims additional behaviors (automatic dependency installs: npm/composer/pip/go; environment detection like honoring $CODEX_SANDBOX) that are not implemented in the provided script. That mismatch is unexplained and may confuse users.
Instruction Scope
The instructions and script copy all .env* files from the repo root into newly created worktrees. Copying environment files (which often contain secrets) is functionally relevant but broad: it duplicates sensitive data into .worktrees. The SKILL.md instructs running test suites and mentions other integrations (e.g., gh pr create) but the script does not implement those steps. The script also performs git network operations (git pull origin) — expected but worth noting.
Install Mechanism
No install spec; this is an instruction-only skill with a shell script. Nothing is downloaded or written to system paths beyond the repository working tree. This is the lower-risk install model.
Credentials
The skill requests no credentials or environment variables. However, it reads and copies .env* files (sensitive by nature) from the repo root into .worktrees. While this is consistent with the stated goal, it increases the risk surface for secret exposure (backups, accidental sharing). SKILL.md references $CODEX_SANDBOX and ${CLAUDE_PLUGIN_ROOT} but neither is declared as required — the script does not rely on CODEX_SANDBOX.
Persistence & Privilege
The skill does not request persistent/system privileges, does not set always:true, and is user-invocable only. It modifies only files inside the repository (.gitignore and .worktrees) which matches its purpose.
What to consider before installing
This skill implements a sensible git-worktree helper but has two things to check before installing/using it: (1) SKILL.md claims extra behaviors (auto-running package installs, sandbox detection) that the shipped script does not implement — verify what you expect vs. what runs. (2) The script automatically copies all .env* files from the repository root into the .worktrees directory. Because .env files often contain secrets, review whether you want them duplicated (even if .worktrees is added to .gitignore).
Recommendations:
- inspect and test the script in a non-sensitive repository first;
- confirm .worktrees is in .gitignore before creating worktrees;
- consider removing or modifying the automated copy behavior if your .env files contain secrets you don't want duplicated;
- run the script interactively so you can confirm actions like git pull and cleanup before allowing them to execute unattended.
latestvk97fddnx53nwx1904cha04ge9h84vhe3
