Commit Message Writer

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only skill is narrowly focused on drafting commit messages and PR summaries, with one minor note that it asks the agent to track usage patterns over time.

This skill appears safe for generating commit messages from text you provide. Be mindful that pasted diffs can contain sensitive code or secrets, and consider disabling persistent memory if you do not want the skill to track usage patterns across repeated use.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning
Low

What this means

The agent may remember lightweight usage patterns, such as whether you usually provide diffs or descriptions, and later use that to suggest better context.

Why it was flagged

This asks the agent to retain and aggregate usage information across multiple invocations, which is a form of persistent context or memory.

Skill content

After each commit message written, note whether the input was a diff, description, or code snippet. After 20 uses, surface the most common missing context that leads to weaker messages.

Recommendation

Use normally if this is acceptable; avoid enabling persistent memory for this skill if you do not want cross-session usage tracking.