Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Git Delegation Management

v1.0.0

Execute any git command on behalf of Workers without credentials by processing their git-request messages and managing workspace synchronization safely.

by Monty (@montycn)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
[!] Purpose & Capability
The skill's stated purpose (execute git operations on behalf of Workers) is coherent in principle, but SKILL.md assumes access to host git credentials (e.g. /host-share/.gitconfig and SSH keys), MinIO client (mc), and task-coordination scripts under /opt/hiclaw — none of these are declared in the registry metadata (no required binaries, no config paths, no env vars). The skill should explicitly declare those dependencies and required host access if they are necessary.
[!] Instruction Scope
Instructions tell the Manager to execute the git commands 'literally what to run' provided by Workers, with no whitelist, sandboxing, or validation. The flow also instructs mirroring from and to MinIO and calling host scripts (/opt/hiclaw/...) and relies on git behaving safely. Running arbitrary git operations on repositories controlled by Workers (or remote URLs they request) can lead to code execution (through hooks, submodules, smudge/clean filters, git-config includes), credential leakage, and exfiltration. The instructions give broad discretion and do not limit or validate potentially dangerous operations.
Install Mechanism
This is an instruction-only skill with no install spec (low install-time risk). However, the runtime assumes the presence of 'git' and 'mc' and of specific coordination scripts on the host; those are runtime dependencies that should have been declared. Absence of a formal install spec means those dependencies will be satisfied implicitly by the host, which increases operational uncertainty.
[!] Credentials
The SKILL.md expects access to host git credentials and MinIO configuration, but the registry metadata lists no required environment variables, no primary credential, and no required config paths. This mismatch is disproportionate: a skill that performs host-authenticated git and MinIO sync should explicitly request and justify the corresponding credentials and config paths. The implicit need for host-level secrets (SSH keys, credential helpers, MinIO credentials) is a red flag.
[!] Persistence & Privilege
always is false (good), but model invocation is allowed (normal). Combined with the skill's ability to run arbitrary git commands using host credentials and to call system scripts, autonomous invocation increases blast radius: an agent could be asked (or tricked) into performing harmful operations without further user review. The skill does not define safeguards (approval steps, command restrictions, or whitelists).
What to consider before installing
Before installing or enabling this skill, verify and harden the execution environment:

1) Confirm the exact host files and credentials the skill needs (SSH keys, /host-share/.gitconfig, MinIO client config) and only grant the minimum required access.
2) Require the skill to declare required binaries (git, mc) and config paths and to enumerate any scripts it will call under /opt/hiclaw.
3) Do NOT allow the Manager to run arbitrary worker-supplied git commands unvalidated — insist on a safe policy (whitelist allowed commands, disallow network-pushed operations, restrict remotes, or require human approval for pushes and branch creation).
4) Run delegated operations in an isolated ephemeral environment (container or jailed workspace) that cannot access host secrets or unrelated files, and ensure git hooks and filters are disabled or sanitized.
5) Ensure MinIO credentials and mc usage are explicit and stored separately; audit and log all git operations and syncs.
6) If you cannot enforce these controls, treat the skill as too risky to enable.

If you want the capability, request a revised skill that declares its dependencies, enforces command validation/whitelisting, and documents its security model.
