gitee
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Gitee helper that uses expected Git and API commands, but it can use a Gitee token to change repositories, issues, pull requests, and files.
This skill appears safe to install if you intend to let the agent work with Gitee. Before using it, provide only a least-privilege Gitee token, keep the token out of chat and logs, and review any operation that creates issues, opens pull requests, updates files, or pushes commits.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with a write-capable token or git remote, the agent could create or update remote repository content.
The skill documents commands that can modify repository contents or push commits to Gitee. This is aligned with the Gitee workflow purpose, but users should confirm write operations and repository targets.
Create or update file contents use the same path with `POST` or `PUT`... `git push origin HEAD`
Use least-privilege Gitee tokens, verify OWNER/REPO and branch values, and require explicit user confirmation before pushes or file-changing API calls.
A broadly scoped token could allow more repository access or mutation than intended.
The skill requires a Gitee personal access token for API calls. This is expected for the integration and the artifact advises not to print or paste the token, but the token's scope determines the impact of any action.
Create a Gitee personal access token with the repository permissions you need... export GITEE_ACCESS_TOKEN="..."
Create a narrowly scoped token for the specific repositories and actions needed, store it securely, and rotate it if it may have been exposed.