Reddi Git Summary
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill looks benign: it summarizes a Git repository using local, read-only git commands, though the output can include sensitive repository metadata such as remote URLs.
This is appropriate for summarizing a local Git repository. Before sharing the output, review it for private branch names, commit details, contributor information, file names from diff statistics, and especially remote URLs that might contain sensitive tokens.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may read and display local repository metadata, including branch status, recent commits, and summaries of uncommitted changes.
The skill gives the agent terminal-based git commands to run. These commands are read-only and directly aligned with the stated repository-summary purpose, but they still access local repository state.
use the terminal to run the following commands ... `git status --short --branch` ... `git log --oneline -10 --decorate` ... `git diff --stat`
Use it only in repositories whose metadata you are comfortable summarizing, and review the generated summary before sharing it externally.
A repository summary could accidentally reveal private remote URLs or embedded credentials if not redacted.
Configured Git remote URLs can reveal repository locations, account identifiers, or, in poor configurations, embedded access tokens. The artifact acknowledges this and instructs redaction.
Run `git remote -v` to show configured remotes ... Always respect that some information may be sensitive - don't expose full URLs if they contain tokens.
Check remote URLs before including them in shared output, and remove any embedded tokens from Git remote configuration.
