Reddi Git Summary

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may read and display local repository metadata, including branch status, recent commits, and summaries of uncommitted changes.

Why it was flagged

The skill gives the agent terminal-based git commands to run. These commands are read-only and directly aligned with the stated repository-summary purpose, but they still access local repository state.

Skill content

use the terminal to run the following commands ... `git status --short --branch` ... `git log --oneline -10 --decorate` ... `git diff --stat`

Recommendation

Use it only in repositories whose metadata you are comfortable summarizing, and review the generated summary before sharing it externally.

What this means

A repository summary could accidentally reveal private remote URLs or embedded credentials if not redacted.

Why it was flagged

Configured Git remote URLs can reveal repository locations, account identifiers, or, in poor configurations, embedded access tokens. The artifact acknowledges this and instructs redaction.

Skill content

Run `git remote -v` to show configured remotes ... Always respect that some information may be sensitive - don't expose full URLs if they contain tokens.

Recommendation

Check remote URLs before including them in shared output, and remove any embedded tokens from Git remote configuration.