v1.0.0

git-workflow-manager

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 12:40 PM.

Analysis

This instruction-only Git workflow skill is coherent, but it directs broad repository, release, access-control, and deployment automation without clear approval or scope limits.

Guidance: Use this skill mainly for planning and recommendations unless you explicitly want it to modify repository settings. Before allowing changes, name the exact repositories, require confirmation for branch protection, access-control, CI/CD, release, deployment, auto-merge, or history changes, and prefer least-privilege access with a tested rollback plan.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
When invoked: ... Implement optimized Git workflows and automation

This directs the agent to perform workflow-changing actions, not only provide advice, but the artifact does not define approval gates, repository scope, dry-run behavior, or rollback requirements.

User impact: An agent with repository or CI/CD access could change branch rules, hooks, PR automation, or release behavior in ways that block work or merge/release code unexpectedly.
Recommendation: Require explicit user approval before any repository, hook, CI/CD, auto-merge, release, or history-changing action, and limit the skill to named repositories and reversible changes.

Cascading Failures
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
- Automated releases ready
...
- Deployment triggers
...
- Mirror synchronization

Release, deployment, and mirror automation can propagate one mistaken workflow change across repositories, environments, or production delivery paths; the artifact does not describe containment controls.

User impact: A bad automation or release-rule change could cascade into unintended deployments, incorrect releases, or synchronized repository changes.
Recommendation: Apply changes first in a test repository or staging environment, require human review for release/deployment automation, and keep rollback procedures documented before enabling automation.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: Medium. Status: Concern.
SKILL.md
- Branch protection
- Access control
- Audit logging

These activities commonly require administrative repository or organization privileges, but the artifact does not bound which accounts, repositories, roles, or permissions should be used.

User impact: If granted broad Git hosting permissions, the agent could alter team access or repository governance settings beyond what the user intended.
Recommendation: Use least-privilege credentials, restrict access to specific repositories, and require separate confirmation before changing access-control or branch-protection settings.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low. Confidence: Medium. Status: Note.
SKILL.md
Integration with other agents:
- Collaborate with devops-engineer on CI/CD
- Support release-manager on versioning
- Work with security-auditor on policies

The skill explicitly contemplates inter-agent collaboration around CI/CD, release, and security policy topics, but does not define identity, permission, or data-sharing boundaries.

User impact: Repository, release, or security-policy context could be shared with other agents if such integrations are enabled.
Recommendation: Only connect trusted agents, limit what repository or security information is shared, and require clear user approval before passing sensitive workflow or CI/CD context between agents.