Git Deployer
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its stated purpose, but it can use your Git access to force-overwrite a remote branch without a built-in confirmation or safety guard.
Install only if you are comfortable with an agent force-pushing to the specified Git repository. Before each use, verify the site path, remote URL, and branch; prefer a scoped deploy key; avoid embedding tokens in URLs; and delete the /tmp clone if it contains anything sensitive.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or autonomous invocation could replace a GitHub Pages site, delete files from the remote branch, or overwrite branch history.
The script always force-pushes the selected branch after staging and committing changes. The reviewed artifacts show no confirmation prompt, dry run, backup, branch allowlist, or --force-with-lease guard that would limit what a single run can overwrite.
git push -u origin "$BRANCH" --force
Require explicit user confirmation before pushing, verify the remote URL and branch, prefer normal push or --force-with-lease, and consider adding a dry-run or backup step.
The skill can modify any repository and branch that the configured Git credential is allowed to push to.
The skill expects existing Git authentication so it can write to the remote repository. This is purpose-aligned, but it means the skill acts with the authority of the user's Git credentials or deploy key.
- `git` must be installed and configured with credentials for the remote
- SSH key or HTTPS token auth must be set up for the remote repository
Use a narrowly scoped deploy key or token, confirm the target repository and branch before use, and avoid putting tokens directly in the remote URL because the script prints the remote URL.
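One way to apply the recommendations of the two findings above (verify remote and branch, refuse token-bearing URLs, prefer --force-with-lease, offer a dry run and a confirmation prompt) as a guard around the push step. This is an added example written for this report, not the audited skill's own script; the `deploy_push CLONE_DIR EXPECTED_REMOTE EXPECTED_BRANCH [DRY_RUN]` interface and the operator-supplied expected values are assumptions.

```shell
#!/bin/sh
# Added example: a push guard for a site deploy script (not the audited skill's code).
# Assumed interface: deploy_push CLONE_DIR EXPECTED_REMOTE EXPECTED_BRANCH [DRY_RUN]
# EXPECTED_REMOTE and EXPECTED_BRANCH come from the operator, not from the clone.

# Exit status 0 (true) when a credential is embedded after the scheme,
# e.g. https://user:TOKEN@github.com/org/repo.git; SSH and plain HTTPS URLs pass.
url_has_embedded_credential() {
    case "$1" in
        *://*@*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Compare the clone's real origin URL and checked-out branch with what the
# operator expects. Exit status 0 on match; 1 with a reason on stderr otherwise.
check_deploy_target() {
    actual_remote=$1
    expected_remote=$2
    actual_branch=$3
    expected_branch=$4
    [ "$actual_remote" = "$expected_remote" ] || { echo "remote mismatch: $actual_remote" >&2; return 1; }
    [ "$actual_branch" = "$expected_branch" ] || { echo "branch mismatch: $actual_branch" >&2; return 1; }
    # The audited script prints the remote URL, so a token in it would be logged.
    url_has_embedded_credential "$actual_remote" && { echo "refusing: credential embedded in remote URL" >&2; return 1; }
    return 0
}

# Assemble push arguments: --force-with-lease only overwrites the remote branch
# if it still points where our last fetch saw it; --dry-run reports without pushing.
push_args() {
    if [ "$2" = "1" ]; then
        printf '%s\n' "push --force-with-lease --dry-run origin $1"
    else
        printf '%s\n' "push --force-with-lease origin $1"
    fi
}

deploy_push() {
    clone_dir=$1; expected_remote=$2; expected_branch=$3; dry_run=${4:-1}
    actual_remote=$(git -C "$clone_dir" remote get-url origin) || return 1
    actual_branch=$(git -C "$clone_dir" rev-parse --abbrev-ref HEAD) || return 1
    check_deploy_target "$actual_remote" "$expected_remote" \
                        "$actual_branch" "$expected_branch" || return 1
    args=$(push_args "$expected_branch" "$dry_run")
    printf 'Will run: git %s (remote %s)\n' "$args" "$actual_remote"
    printf 'Proceed? [y/N] '; read -r answer
    [ "$answer" = "y" ] || { echo "aborted by operator" >&2; return 1; }
    # shellcheck disable=SC2086 -- $args is intentionally word-split (refs cannot contain spaces)
    git -C "$clone_dir" $args
}
```

DRY_RUN defaults to 1, so a first invocation only reports what would be pushed; pass 0 for the real push once the printed remote and branch look right.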
The skill may fail or behave differently on systems without the expected tools installed.
The metadata declares no binary requirements, while the provided script depends on command-line tools such as git and rsync. This is mainly an installation/setup disclosure gap, not hidden behavior.
Required binaries (all must exist): none
Required binaries (at least one): none
Declare required tools in metadata and document all runtime dependencies, including rsync.
A copy of the deployed site remains under /tmp until removed, which may matter if the site directory contains private or draft content.
The skill intentionally leaves deployment state on disk after it finishes. This is disclosed and not hidden background behavior, but it is persistent local state.
Clone happens in `/tmp` and is not cleaned up automatically (intentional: allows inspection)
Inspect and delete the /tmp clone when it is no longer needed, and do not deploy directories containing secrets.
