Git Manager
Warn
Audited by ClawScan on May 10, 2026.
Overview
This Git skill has a legitimate purpose, but it runs an unreviewed hard-coded helper through an unsafe shell command and can perform high-impact Git changes without clear confirmation safeguards.
Review carefully before installing. Only use this skill if the shell execution is fixed, the helper scripts are included and reviewable, and commit/push actions require explicit confirmation after showing status and diff.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted or poisoned input could make the agent run unintended local commands under the user's account, not just Git operations.
The command is executed through a shell, while arguments are built from input fields such as action, repo, message, files, and branch without shell-safe escaping.
exec(`"${path}" ${args.join(" ")}`, { maxBuffer: 1024 * 1024 }, ...)
Use execFile or spawn with an argument array, validate allowed actions and paths, and avoid shell interpolation for user-controlled values.

The skill may fail on other systems or, if that path exists, execute code that was not part of the reviewed package.
The runtime delegates execution to a developer-specific absolute path that is not included in the provided file manifest or install spec.
const path = "/Users/nico/.openclaw/workspace/skills/git-manager/scripts/git-manager";
Package all executable helpers with the skill, use relative paths, declare install requirements, and avoid executing unreviewed absolute-path files.

The agent could publish unintended changes or sensitive files to a remote repository if the user expected only a local commit or status check.
The documented workflow can stage all changes, commit, and push to a remote repository in one chain, without showing an explicit confirmation step or file-by-file review.
# The skill will: git add . && git commit -m "style: improve login page" && git push
Require an explicit status/diff review and user confirmation before staging all files, committing, or pushing; default high-impact operations to dry-run.

The skill can make authenticated changes to repositories that the user's Git credentials can access.
Push and pull operations will use the user's existing Git credentials or SSH keys for remote repository access.
SSH keys must be pre-configured for push/pull
Use limited-scope repository credentials where possible and confirm the target remote and branch before push or pull operations.

Local logs could retain project details or commit information longer than expected.
The skill says it keeps persistent local logs of operations, which may include repository paths, branch names, commit messages, file names, or raw Git output.
All operations logged to `~/.openclaw/logs/git-manager.log`
Review or configure the log path, avoid putting secrets in commit messages, and clear logs when working with sensitive repositories.
