Post Merge Rename
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: post-merge-rename Version: 1.9.72 The skill is a Git maintenance utility designed to rename branches merged into 'main' with a date-stamped suffix. The core logic in 'post-merge-rename.sh' performs standard Git operations (local rename, push new name, delete old remote name) that align with the documentation in SKILL.md and README.md, with no evidence of malicious intent, data exfiltration, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill in the wrong repository, or before reviewing the branch list, could change shared remote branch names and disrupt teammates, CI jobs, or branch-based workflows.
The default scan path can rename all merged local branches, push new branch names to origin, and delete the old remote branch names without an explicit confirmation step.
merged=$(git branch --merged main ...) ... git branch -m "$trimmed" "$new_name" 2>/dev/null || true git push origin "$new_name" 2>/dev/null || true git push origin --delete "$trimmed" 2>/dev/null || true
Make dry-run the default, require explicit user confirmation before pushing or deleting remote refs, and prefer an explicit branch argument for remote mutations.
A user may underestimate the impact because the wording suggests no deletion occurs, even though the old remote branch name is removed from origin.
The script contains a reassuring 'Never deletes branches' claim while also deleting the old remote branch ref as part of the remote rename process.
# Never deletes branches. Only renames. ... git push origin --delete "$trimmed" 2>/dev/null || true
Clarify that remote renaming is implemented by pushing the new ref and deleting the old remote ref, and state the collaboration impact plainly.
The skill can perform whatever branch push/delete actions the current Git credentials are allowed to perform.
These commands use the user's configured Git remote access to mutate branches on origin.
git push origin "$new_name" 2>/dev/null || true ... git push origin --delete "$trimmed" 2>/dev/null || true
Run it only in repositories where you intend to allow branch ref changes, and use Git branch protections or least-privilege credentials where possible.