Security checks across static analysis, malware telemetry, and agentic risk
This skill mostly matches its local skill-versioning purpose, but it needs review because some commands pass user input directly into Bash and it can make persistent changes to agent skill files.
Install only if you are comfortable giving this skill local Bash/git access to your agent skill folders. Use simple, trusted command arguments, inspect all confirmation prompts before approving commits, merges, or reverts, and periodically review or delete `~/.skill-git` caches if your skill files contain sensitive instructions.
- **Prompt injection**: Rule contains phrases like "ignore previous instructions", "disregard all rules", "from now on you are", "forget everything"
VirusTotal engine telemetry is currently stale for this artifact.
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or malicious argument could potentially run commands on the user's machine outside the intended skill-management workflow.
The command permits Bash and injects raw user command arguments into a shell prelude without visible quoting or escaping. If shell metacharacters are accepted by the host, arguments could alter the command line and execute unintended local shell commands.
allowed-tools: Bash(bash *) ... !`bash "${CLAUDE_PLUGIN_ROOT}/scripts/sg-prelude.sh" $ARGUMENTS`Quote or safely pass arguments via an environment variable or array, validate accepted flags before any Bash execution, and narrow allowed Bash patterns to specific helper scripts.
Confirmed revert or merge operations can permanently change skill files and affect how the agent behaves in future sessions.
The revert workflow can hard-reset skill repositories and delete newer version tags. The document includes backups and explicit confirmation prompts, so this is purpose-aligned but high-impact.
bash "${CLAUDE_PLUGIN_ROOT}/scripts/sg-git.sh" "<path>" reset --hard <target-tag> ... tag -d <tag>Review the summaries and backup locations before confirming destructive operations, and avoid using bulk actions unless you understand which skills will change.
Local summaries of your skills and agent configuration may remain on disk after scans or checks.
The check workflow reads skill files and agent config files, extracts rules, and stores them in persistent local cache files for reuse.
Cache path: `~/.skill-git/cache/<agent>/rules/<skill_name>.json` ... Config files ... project-level agent config ... global agent config
Treat `~/.skill-git/cache` as sensitive local data, clear it if needed, and avoid placing secrets in skill or agent instruction files.
Users may not realize the skill needs local git/Bash execution until they invoke it.
The skill depends on local git and bundled Bash helpers, while registry metadata lists no required binaries. This is expected for a git-management skill but should be declared clearly.
Run: `git --version` ... Run: `bash "${CLAUDE_PLUGIN_ROOT}/scripts/sg-init.sh" -a <agent> [--project]`Declare git and shell-script usage in metadata and install documentation so users can make an informed decision before enabling the skill.