Skill v0.3.0
ClawScan security
Git Workflow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 27, 2026, 1:33 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements align with a Git workflow helper; nothing requests unrelated credentials or installs arbitrary code.
- Guidance: This skill appears to be what it says: a Git/PR/release workflow helper with a small local validator script. Before using: 1) Be aware the skill's default is to push commits immediately without asking — if you need confirmation, change the workflow or ask the agent to confirm before pushing. 2) For PRs/releases you must authenticate gh (gh auth login) — the skill does not request extra credentials. 3) Review commits locally before invoking the skill in sensitive repositories (secrets or private branches) because it can perform remote pushes and create releases. Otherwise the files and instructions are proportionate and contain no hidden endpoints or unexpected installs.
Review Dimensions
- Purpose & Capability (ok): Name/description match the requested binaries and included validator script. Requiring git (and optionally gh) is appropriate for commits, PRs, and releases. No unrelated tools or credentials are requested.
- Instruction Scope (note): Instructions stay within git/gh operations and use a local validator script. One noteworthy policy: the skill's default behavior is to 'always push immediately' after committing and 'Do not ask.' That is coherent with the stated workflow but may be surprising or risky for users who expect confirmation before network pushes—it gives the agent permission to perform remote writes without an extra confirmation step.
- Install Mechanism (ok): No install spec; instruction-only with a small included Python validator. Nothing is downloaded or written to disk by an installer step.
- Credentials (ok): No environment variables or credentials declared. The optional use of gh is noted and would require gh auth login, which is reasonable for PR/release actions. No unrelated secrets or config paths are requested.
- Persistence & Privilege (ok): 'always' is false and the skill does not request persistent/platform-wide privileges. It does allow autonomous invocation (platform default), which combined with the 'auto-push' behavior is the primary operational risk to be aware of.
