GI Git Commit Helper

PassAudited by ClawScan on May 1, 2026.

Overview

This instruction-only skill coherently helps generate commit messages by reading git diffs, with no evidence of hidden code, credential use, persistence, or data exfiltration.

This appears safe for its purpose. Before using it, be aware that generated commit messages require the agent to inspect your git diff, so avoid running it on changes that include secrets, private keys, or sensitive proprietary content.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Info

#ASI02: Tool Misuse and Exploitation

What this means

Your local code changes may be read into the agent conversation so it can draft a commit message.

Why it was flagged

The skill directs the agent to use local git diff commands to inspect staged or unstaged changes. This is central to the stated commit-message purpose, but users should remember that diffs can contain sensitive source code or accidentally included secrets.

Skill content

1. 运行 `git diff --staged` 或 `git diff` 获取变更

Recommendation

Use it only in repositories where you are comfortable sharing the diff with the agent, and review diffs for secrets before invoking the skill.