Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Git Commit Helper Pro

Automatically generates standardized Git commit messages by analyzing code changes, supporting multiple languages and Conventional Commits format.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 104 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, SKILL.md, and index.js are coherent: the code runs git commands, parses git diff --cached --stat, and builds Conventional Commit-style messages. No unrelated environment variables, binaries, or installs are requested.
Instruction Scope
SKILL.md instructs the agent to analyze staged changes and generate commit messages — this is within scope. However, a static scan flagged unicode-control-chars in SKILL.md (prompt-injection pattern). While the visible SKILL.md content is benign, invisible control characters can be used to manipulate downstream parsers or agent behavior; manual inspection/removal is recommended.
Install Mechanism
No install spec; the skill is instruction/code-only. package.json has no dependencies and included files are local. This is low-risk from an installation perspective.
Credentials
The skill requests no environment variables, no credentials, and no config paths. It only needs access to a git repository working directory, which matches its purpose.
Persistence & Privilege
always is false; skill does not request persistent or system-wide privileges and does not modify other skills. It can run autonomously (platform default), but that is not combined with broad credential access.
Scan Findings in Context
[unicode-control-chars] unexpected: Detected in SKILL.md. A commit-helper skill does not need invisible/control characters; these can be used for prompt-injection or to alter how text is parsed/displayed. Recommend opening SKILL.md in a hex/vis-mode editor or running a sanitizer to remove control characters before installing.
What to consider before installing
This skill appears to implement the advertised commit-message generator and only invokes git commands (execSync) to read staged diffs — that's expected. However:

1) Inspect SKILL.md for invisible/control characters and remove them; they are a common prompt-injection vector.
2) Review index.js locally: execSync is used but only with hard-coded git commands ('git rev-parse' and 'git diff --cached --stat'), which is reasonable; ensure you run it in a trusted repository and not in a directory containing sensitive files.
3) Run the included test.js in a sandbox or throwaway repo to confirm behavior.
4) Because the publisher/source is unknown, be cautious about giving this skill broad access in automated/autonomous contexts; prefer manual invocation until you are satisfied.

If you are not comfortable inspecting files yourself, do not install from this unknown source.
index.js:73
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latestvk972f883d2rcmwxbkdgf0tbfs1835g6d


SKILL.md

Git Commit Helper

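Smart Git commit message generator: automatically generates standardized commit messages from code changes.

Features

  • 🤖 Smart analysis: analyzes the git diff to understand what the code changes do
  • 📝 Standardized output: generates messages that follow the Conventional Commits specification
  • 🌍 Multilingual: supports commit messages in Chinese and English
  • 🎯 Type detection: automatically identifies types such as feat/fix/docs/style/refactor/test/chore
  • One-step use: copy and use as-is, with support for custom edits

Usage

Help me generate a commit message

Or, inside a git repository:

git add .
Analyze the current changes and generate a commit message

Example output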

feat(user): 添加用户登录验证功能

- 实现 JWT token 生成和验证
- 添加登录接口 /api/auth/login
- 添加密码加密处理
- 编写单元测试

Closes #123

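Supported types

  • feat: new feature
  • fix: bug fix
  • docs: documentation update
  • style: code formatting changes
  • refactor: code refactoring
  • test: test-related changes
  • chore: build/tooling/configuration

Author

倒里牢数 · Rigorous Professional Edition

Version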

1.0.0

Files

6 total