Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
PR + Commit Workflow
v1.0.0This skill should be used when creating commits or pull requests, enforcing a human-written PR structure, intent capture, and evidence in agentic workflows.
⭐ 0· 3.1k·13 current·13 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The stated purpose (enforcing human-written PR intent and structured commits) generally matches the files and templates provided. However the skill implicitly assumes tooling (gh, git) and access to agent prompt logs/history/search tools (cm/cass, Codex logs) that are not declared in the skill metadata. Asking agents to read local agent logs and environment metadata is broader than a minimal PR-helper and should be justified explicitly.
Instruction Scope
SKILL.md and references require inclusion of the full prompt history verbatim and environment metadata in every PR, and they instruct use of agent history search tools and a helper script to collect environment fields. That creates a high risk of leaking sensitive prompt contents or secrets. The instructions also direct use of gh commands and /tmp for draft bodies but the skill metadata does not declare these runtime requirements. The redaction guidance ('redact only the sensitive portion') leaves too much discretion to the agent.
Install Mechanism
No install spec is present and the skill is instruction-first with a small local script. From an install mechanism viewpoint this is low risk (nothing to download/run beyond the provided script).
Credentials
The skill declares no required env vars, but scripts/readme reference and the included script will read a variety of environment variables (AGENT_HARNESS, CODEX_MODEL, OPENAI_MODEL, ANTHROPIC_MODEL, CURSOR_MODEL, LLM_MODEL, THINKING_LEVEL, terminal/version, etc.) and check for local directories under $HOME. This mismatch (declaring none but reading many) is disproportionate and may reveal sensitive info about models, harnesses, or other local artifacts. The skill also encourages including full prompt entries, which may contain secrets or private data.
Persistence & Privilege
The skill is not force-included (always=false) and does not request special persistence, but it is invocable and (by default) can be invoked autonomously by the agent. Combined with the instruction to gather and embed prompt histories and environment metadata, autonomous invocation increases the blast radius for accidental or automated exfiltration. The skill does not require explicit confirmation steps for harvesting or publishing prompt history.
What to consider before installing
This skill aims to produce high-quality, auditable PRs, but it requires collecting and embedding 'full prompt history' and environment metadata into PR bodies — data that often contains sensitive info (API keys, passwords, private prompts). Before installing, consider: 1) Do you ever store secrets or private data in prompts or agent logs? If yes, do NOT enable automatic inclusion of full prompt history. 2) The skill expects to run gh/git commands but doesn't declare those binaries — ensure gh is installed and that you trust the skill to run it. 3) The provided scripts read many environment variables and look for local agent files; review scripts/build_pr_body.sh locally to see exactly what will be collected. 4) Ask the maintainer (or modify locally) to: a) require explicit user consent before collecting/publishing prompt history or environment metadata; b) make redaction rules strict and automatic (remove credentials, tokens, secrets) rather than leaving redaction to the agent's discretion; c) add an option to include only metadata (harness/model) rather than full prompts; d) declare required binaries (gh, git) in metadata. 5) If you want to use this skill but restrict risk: disable autonomous invocation for it, require a human confirmation step before any collection/publish, and test the build_pr_body.sh script in a sandbox to confirm it doesn't reveal anything you consider private. If these mitigations cannot be implemented, treat the skill as unsafe for repositories where prompt history or environment metadata may include secrets.Like a lobster shell, security has layers — review code before you run it.
latestvk9780j8gvea90p4pbpzwkvt1wn7yzsq0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.