Git Deployer

Warn: Audited by ClawScan on May 10, 2026.

Overview

The skill deploys transparently over Git, but it force-pushes by default and has unsafe temporary-clone and file-sync handling that could overwrite or misdirect repository content.

Use this only if you are comfortable letting an agent overwrite the target Git branch. Before installing or invoking it, verify the site path, remote URL, and branch, use a repository-scoped deploy key, back up important branches, and consider fixing the script to exclude .git, verify the existing /tmp clone's origin, and require confirmation before force-pushing.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken site path, branch, or remote can overwrite repository history/content and change the published site.

Why it was flagged

The deployment path always uses a force push to the selected branch, with no artifact evidence of confirmation, dry-run, backup, or force-with-lease safeguards.

Skill content

echo "[5/5] Force-pushing to $BRANCH..."
git push -u origin "$BRANCH" --force

Recommendation

Require explicit user confirmation before pushing, prefer --force-with-lease, support dry-run/backups, and verify the exact remote and branch before any destructive push.

What this means

Passing the wrong directory, especially a project root containing its own .git directory, could cause the deploy to fail or push to the wrong origin.

Why it was flagged

The script mirrors the source directory into the clone root with deletion before Git operations. Without excluding .git, a source path can delete or replace the clone's Git metadata, leading to failed deploys or pushes using unintended repository state.

Skill content

rsync -av --delete "$SITE_PATH/" "$TMP_CLONE/"
...
git add -A
...
git push -u origin "$BRANCH" --force

Recommendation

Exclude .git and other VCS metadata from the rsync, validate that the destination is still the intended clone after copying, and reject source paths that are not clean build/output directories unless the user confirms.

What this means

A stale /tmp directory or two repositories with the same name could cause content to be committed or force-pushed through the wrong clone.

Why it was flagged

The temporary clone path is based only on the repository basename and is reused if it exists; the script does not verify that the existing clone's origin matches the requested remote URL before later pushing.

Skill content

REPO_NAME=$(basename "$REMOTE_URL" .git)
TMP_CLONE="/tmp/$REPO_NAME"
if [[ -d "$TMP_CLONE" ]]; then
    cd "$TMP_CLONE"
    git fetch origin

Recommendation

Use a unique temp directory derived from a hash of the full remote URL, verify the existing clone's origin with `git remote get-url origin` before reuse, and clean or recreate the clone when the remote does not match.

What this means

If broad Git credentials are configured, the skill may be able to push to more repositories or branches than intended.

Why it was flagged

The skill relies on locally configured Git credentials to write to the remote repository. This is expected for deployment, but users should understand it grants repository mutation authority.

Skill content

- `git` must be installed and configured with credentials for the remote
- SSH key or HTTPS token auth must be set up for the remote repository

Recommendation

Use a least-privilege deploy key or token scoped to the single repository/branch being deployed, and verify the remote URL before invocation.

What this means

The skill may fail or behave differently depending on the local git/rsync installation and configured credentials.

Why it was flagged

The registry metadata does not declare runtime dependencies, while the included script invokes `git` and `rsync`. This can lead to missing preflight checks or unexpected runtime failures.

Skill content

Required binaries (all must exist): none

Install specifications

No install spec — this is an instruction-only skill.

Recommendation

Declare git and rsync as required binaries and document required Git credential setup in metadata.