Skill v1.0.1

ClawScan security

Git Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 1:13 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions match its name and description (advanced Git operations) and request no unexpected credentials or installs, though it assumes git is available and will propose destructive repo commands guarded by explicit confirmation steps.
Guidance
This skill appears coherent and limited to Git operations, but it assumes git is installed and will propose destructive commands (branch -D, reset --hard, clean -fd, force-push). Before installing: 1) ensure you run it only in repositories where you can safely test; 2) keep automatic/autonomous invocation disabled or ensure the agent enforces the documented two-step confirmation; 3) be aware pushes will use your local Git credentials (the skill doesn't request secrets); and 4) test in a non-critical clone or sandbox to confirm behavior and prompts before using on important repos.

Review Dimensions

Purpose & Capability
ok: The name/description and SKILL.md consistently focus on bisecting, branch cleanup, stash management, and log/reflog analysis. There are no unrelated environment variables, config paths, or external endpoints requested. One minor mismatch: the skill expects the git binary to be present (it repeatedly instructs running git commands) but the registry metadata lists no required binaries.
Instruction Scope
note: Instructions are narrowly scoped to repository operations (git status, fetch, bisect, branch deletion, stash operations, reset/clean, push). The skill explicitly requires two-step confirmation before destructive actions and recommends backups (tags/temporary branches/stashes). It does not instruct reading unrelated system files or exfiltrating data. Note: because it directs running commands that affect the working tree/remote, those commands will operate on local files and may trigger network operations (push/pull) using local credential helpers.
Install Mechanism
ok: No install spec and no code files — instruction-only skill. This is low-risk from an installation perspective because nothing is downloaded or written to disk by an installer.
Credentials
ok: The skill requests no environment variables or secrets. This matches its purpose. Caveat: running git push or other network commands will use whatever Git credentials/credential-helper are configured on the host; the skill itself does not request or expose additional credentials.
Persistence & Privilege
ok: always:false and no persistence or config writes. The skill can be invoked autonomously by the agent (default), which is normal — but because it suggests destructive git operations, autonomous execution without user confirmation would be risky; the SKILL.md explicitly requires user YES confirmations before destructive steps.