Github Push
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill pushes to GitHub, but it can automatically use SSH credentials, delete local Git metadata, stage broad file changes, and force-push, so it needs careful review before use.
Use this skill only on a reviewed, backed-up repository, and start with --dry-run. Do not run it on an existing repository unless you are prepared for changes to its .git metadata. Avoid --force unless you explicitly want to rewrite remote history, verify which SSH key is loaded, and inspect git status carefully before any push.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or automated invocation could overwrite commits in a GitHub repository, affecting collaborators and making recovery difficult.
The skill explicitly advertises automatic conflict handling that includes force push, a high-impact git operation that can overwrite remote history if run without a clear user confirmation step.
- **Auto Conflict Resolution**: Auto pull + rebase + force
Require explicit user approval before any force push, show the branch and remote being changed, and prefer manual conflict resolution unless the user specifically requests history rewriting.
Choosing the wrong path or running this in an existing repository could destroy local repository metadata and then propagate a rewritten state to GitHub.
The script removes an existing .git directory before reinitializing the repository. That can erase local git history, remotes, branches, hooks, and configuration for the selected path.
```python
if git_dir.exists():
    ...
    shutil.rmtree(str(git_dir))
```
Do not delete .git automatically. Require a separate, explicit confirmation, create a backup, and refuse to run on existing repositories unless the user knowingly opts in.
The skill may use a GitHub SSH identity the user did not explicitly choose, enabling pushes under that account's permissions.
The code automatically selects and loads the first matching local SSH key, while the registry metadata declares no primary credential. SSH keys grant account-level GitHub authority for any repositories that key can access.
```python
for key_file in ssh_dir.glob('id_*'):
    subprocess.run(['ssh-add', str(key_file)], capture_output=True, timeout=5)
    break
```
Declare SSH-key usage in metadata, require the user to select or confirm the key, and avoid auto-loading arbitrary id_* files from ~/.ssh.
Private files such as environment files, keys, or configuration secrets could be committed and pushed if they are present in the chosen path.
The artifacts claim sensitive-file filtering, but the visible commit path stages the entire directory with git add . rather than using the filtered file list. That undermines the promised protection against committing secrets.
```python
EXCLUDE_PATTERNS = [... '.env' ... 'id_rsa' ... '*.pem' ...]
...
self._run_git(['git', 'add', '.'])
```
Use an allowlist or explicitly add only reviewed files, show the exact git status before commit, and require user confirmation before pushing any file that matches sensitive patterns.
Users may not realize the skill depends on local git tooling and SSH credentials until it runs.
The metadata does not declare git, ssh-add, or SSH credential use, even though the included script and documentation rely on them. This is an under-declared setup/provenance issue rather than proof of malicious behavior.
Required binaries (all must exist): none ... Primary credential: none
Declare required binaries and SSH credential expectations in the skill metadata and documentation.
