Worktree Manager

Status: Pass

Audited by VirusTotal on May 10, 2026.

Overview

Type: OpenClaw Skill
Name: worktree-manager
Version: 1.0.3

The Worktree Manager skill is a legitimate developer tool for managing Docker Compose environments and Git worktrees. The `run.sh` script includes input validation (`validate_name`, `validate_db_name`) to keep instance and database names from carrying shell or SQL syntax, and the `SKILL.md` instructions correctly guide the agent to confirm destructive actions such as worktree removal. No indicators of data exfiltration, unauthorized remote execution, or malicious intent were found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken instance name or unapproved command could delete local development data and worktree files.

Why it was flagged

The skill exposes commands that can stop containers, drop a database, and remove a Git worktree. This is aligned with the stated purpose and disclosed as destructive, but it is high-impact.

Skill content

./run.sh remove-worktree <name>      # stop containers + drop db + remove worktree

Recommendation

Run `./run.sh list` first, confirm the exact instance name, and require explicit user approval before `remove-worktree`.
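The following is an added example, not the skill's own `run.sh`, showing how a wrapper can enforce the recommendation above before anything destructive runs: the name is checked against an allowlist pattern (the same idea as the skill's `validate_name`), it must appear verbatim in the instance list, the main instance is refused, and the approval token must name the exact instance so an approval cannot be replayed against a different one. The `list_instances` output is constructed for the example; a real wrapper would call `./run.sh list` there, and `remove_worktree` only reports what it would destroy.

```shell
#!/bin/sh
# Added example; not the skill's run.sh. Guards a destructive remove-worktree:
# validate the name, require it to exist in the instance list, refuse main,
# and demand an approval token bound to that exact name.

# Allowlist validation: non-empty, not option-like, only [A-Za-z0-9_-].
validate_name() {
    case "$1" in
        "")                 return 1 ;;
        -*)                 return 1 ;;   # would be parsed as a flag
        *[!A-Za-z0-9_-]*)   return 1 ;;   # shell metachars, '/', '..', SQL syntax
        *)                  return 0 ;;
    esac
}

# Constructed stand-in for `./run.sh list` output (one instance per line).
list_instances() {
    printf '%s\n' main feature-login bugfix-42
}

# Exact, whole-line, fixed-string match so "feature" never matches "feature-login".
instance_exists() {
    list_instances | grep -qxF -- "$1"
}

# confirm_remove <name> <approval>
# Succeeds only when the name is valid, exists, is not the main instance, and
# the approval token is literally "yes:<name>".
confirm_remove() {
    name=$1
    approval=$2
    validate_name "$name"   || { echo "invalid instance name" >&2; return 1; }
    instance_exists "$name" || { echo "no such instance: $name" >&2; return 1; }
    [ "$name" != main ]     || { echo "refusing to remove main" >&2; return 1; }
    [ "$approval" = "yes:$name" ] || { echo "explicit approval required for $name" >&2; return 1; }
}

# Dry-run front end: reports what would be destroyed instead of doing it.
remove_worktree() {
    confirm_remove "$1" "$2" || return 1
    echo "would stop containers, drop database and remove worktree for: $1"
}
```

An agent driving this wrapper has to surface the exact name to the user and obtain the `yes:<name>` token from that confirmation; a bare "yes", a typo in the name, or a name that is only a prefix of a real instance all fail closed.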

What this means

Using the default password, or exercising root access outside a trusted local dev setup, could expose or alter databases more broadly than intended.

Why it was flagged

The script uses MySQL root credentials and falls back to the password `secret` when none is provided. That is expected for this local database-management workflow, but it is sensitive authority.

Skill content

MYSQL_ROOT_PASS="${MYSQL_ROOT_PASSWORD:-${MYSQL_ROOT_PASS:-secret}}" ... mysql -uroot -p"$MYSQL_ROOT_PASS"

Recommendation

Set `MYSQL_ROOT_PASSWORD` explicitly, avoid production databases, and run this only against the intended local MySQL container. Note also that `-p"$MYSQL_ROOT_PASS"` places the password on the client's command line, where other local users can read it from the process list while the client runs; a `--defaults-extra-file` option file is the safer way to hand it over.
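As an added example (not part of the skill), the functions below show the two changes a hardened version of the snippet would make: refuse to run when the password is unset or is the placeholder `secret`, instead of silently defaulting, and pass the password to the client through a mode-0600 option file rather than on the command line. `--defaults-extra-file` is a real MySQL client option and must come first on the command line; the `argv_leaks_secret` check is only a helper for the example, and for the `docker exec -i ... mysql` half of the pipeline the option file would have to be reachable inside the container (an assumption about the setup, not something the page describes).

```shell
#!/bin/sh
# Added example; not the skill's run.sh. Handles the MySQL root password
# without a baked-in default and without putting it in argv.

# Refuse to run when no password was supplied, and refuse the well-known
# placeholder `secret` so a forgotten export cannot silently fall back to it.
require_root_password() {
    pass=${MYSQL_ROOT_PASSWORD:-${MYSQL_ROOT_PASS:-}}
    if [ -z "$pass" ]; then
        echo "MYSQL_ROOT_PASSWORD is not set; refusing to continue" >&2
        return 1
    fi
    if [ "$pass" = secret ]; then
        echo "MYSQL_ROOT_PASSWORD is the placeholder 'secret'; refusing" >&2
        return 1
    fi
}

# Write a mode-0600 [client] option file so mysql/mysqldump read the password
# from disk instead of from argv. Prints the path; the caller removes it.
write_client_cnf() {
    f=$(umask 077 && mktemp "${TMPDIR:-/tmp}/mysql-client.XXXXXX") || return 1
    printf '[client]\nuser=root\npassword=%s\n' "$1" > "$f"
    echo "$f"
}

# mysql_args <cnf> <db>: the argument list to pass to mysql or mysqldump.
# --defaults-extra-file must be the first option or the client ignores it.
mysql_args() {
    printf '%s\n' "--defaults-extra-file=$1" "$2"
}

# argv_leaks_secret <secret> <argv...>: succeeds if any argument contains the
# secret, i.e. the failure mode of `mysql -uroot -p"$MYSQL_ROOT_PASS"`.
argv_leaks_secret() {
    secret=$1; shift
    for a in "$@"; do
        case "$a" in *"$secret"*) return 0 ;; esac
    done
    return 1
}
```

Typical use is `require_root_password || exit 1`, then `cnf=$(write_client_cnf "$MYSQL_ROOT_PASSWORD")`, run the client with `$(mysql_args "$cnf" "$db")`, and `rm -f "$cnf"` afterwards (a `trap` on EXIT keeps the file from surviving an error).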

Note: High Confidence

ASI08: Cascading Failures
What this means

Any data in the main local database may be duplicated into worktree databases.

Why it was flagged

Starting non-main instances copies the main database into the target instance database. This is disclosed seeding behavior, but it can propagate sensitive or stale data into new dev instances.

Skill content

mysqldump -uroot -p"$MYSQL_ROOT_PASS" "$MYSQL_MAIN_DB" | docker exec -i "$MYSQL_CONTAINER" mysql -uroot -p"$MYSQL_ROOT_PASS" "$dest_db"

Recommendation

Use sanitized development data for `MYSQL_MAIN_DB` and avoid seeding from production-like databases.

What this means

It may be harder to verify which exact release or source code is being installed and reviewed.

Why it was flagged

The registry source is not identified, and the versioning is inconsistent: `SKILL.md` declares `version: 1.3.0` while `_meta.json` declares `version: 1.0.2`, and neither matches the `Version: 1.0.3` reported in the skill listing.

Skill content

Source: unknown; Homepage: none; Version: 1.0.3

Recommendation

Confirm the trusted origin and expected version before using the skill, especially before running its shell script in a project.
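One concrete form of that check, added here as an example rather than anything ClawScan or the skill ships: read the version from the `SKILL.md` YAML front matter and from `_meta.json` and refuse to proceed unless they agree. It assumes `SKILL.md` opens with a `---`-delimited front matter block containing a `version:` key and that `_meta.json` carries a top-level `"version"` string; the fixture files are constructed to reproduce the 1.3.0 / 1.0.2 mismatch this note reports.

```shell
#!/bin/sh
# Added example, not ClawScan tooling: verify that the version a skill declares
# in its SKILL.md front matter matches the version in its _meta.json.

# Print the `version:` value from the YAML front matter (assumed to be the
# block between the leading `---` lines); quotes around the value are stripped.
skill_md_version() {
    awk '
        NR == 1 && $0 == "---" { fm = 1; next }
        fm && $0 == "---"      { exit }
        fm && $1 == "version:" { gsub(/"/, "", $2); print $2; exit }
    ' "$1"
}

# Print the top-level "version" string from _meta.json. Plain grep/sed is
# enough for a flat metadata file; a nested document would need a JSON parser.
meta_json_version() {
    grep -o '"version"[[:space:]]*:[[:space:]]*"[^"]*"' "$1" |
        sed 's/.*"\([^"]*\)"$/\1/' | head -n 1
}

# versions_agree <SKILL.md> <_meta.json>
# Succeeds and prints "version X" only when both files declare the same
# non-empty version; otherwise reports the discrepancy and fails.
versions_agree() {
    a=$(skill_md_version "$1")
    b=$(meta_json_version "$2")
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo "missing version: SKILL.md='$a' _meta.json='$b'" >&2
        return 1
    fi
    if [ "$a" != "$b" ]; then
        echo "version mismatch: SKILL.md=$a _meta.json=$b" >&2
        return 1
    fi
    echo "version $a"
}

# make_fixture <md-version> <json-version>: constructed files for the example.
make_fixture() {
    d=$(mktemp -d) || return 1
    printf '%s\nname: worktree-manager\nversion: %s\n%s\n# Worktree Manager\n' \
        --- "$1" --- > "$d/SKILL.md"
    printf '{"name": "worktree-manager", "version": "%s"}\n' "$2" > "$d/_meta.json"
    echo "$d"
}
```

Running `versions_agree` against the constructed mismatch fails with `version mismatch: SKILL.md=1.3.0 _meta.json=1.0.2`, which is the point at which to stop and confirm the origin before executing the skill's shell script.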