ClawHub

Git Hooks Toolkit

v1.0.0

Generate, install, and manage Git hooks with pre-built templates. Includes hooks for linting staged files, enforcing conventional commits, blocking debug sta...

0· 98·0 current·0 all-time
byJohn Wang@johnnywang2001
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill name/description (git hooks generation/management) aligns with the included script and templates. However the runtime requires git and python3 (the SKILL.md shows running `python3 scripts/git_hooks.py` and the templates use git commands), yet the packaged metadata declares no required binaries — this is an omission that should be corrected.
Instruction Scope
SKILL.md tells the agent to run the bundled script to list/install/show/remove hooks, which is within scope. The hook templates themselves run linters, formatters, test suites, and (in the truncated post-merge template) auto-install dependencies; these are expected for such a tool but do allow executing arbitrary project commands and package-manager install scripts when hooks trigger. Review post-merge install-deps behavior before enabling in sensitive repos.
Install Mechanism
No install spec and no network downloads; the skill is delivered as source (script + SKILL.md). That minimizes installer risk — nothing will be fetched or written by an automated installer beyond what the script does when run by the user.
Credentials
The skill declares no required environment variables or credentials and the code does not attempt to read secrets. It does rely on local developer tools (git, npx/npm, linters, test runners) which are appropriate for its purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or cross-skill privileges. It only writes hooks into a repository when explicitly invoked by the user, which is expected behavior.
Assessment
This package appears to do what it says: generate and install git hooks. Before installing, manually inspect the post-merge 'install-deps' template (the file was truncated in the listing) to confirm which install commands it runs. Note that hooks will run project commands (linters, tests, package managers) on your machine — auto-installing dependencies can execute package-manager postinstall scripts, which could be risky in untrusted projects. Also ensure python3 and git are available (the metadata omits required binaries). If you plan to use it on important repositories, run it in a disposable clone first or enable only specific templates you trust.

Like a lobster shell, security has layers — review code before you run it.

latestvk970en6x99sd7w4g2hqk7kgkm183btzh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments