ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Git Auto

Git workspace automation (status/commit/push/log/diff)

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 543 · 3 current installs · 3 all-time installs
by@mupengi-bot
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill name and description claim multi-repo scans, conventional-commit generation/validation, branch-protection and conflict checks, and a force-push confirmation flow. The included run.sh implements only a single-workspace script that cd's to $WORKSPACE and supports basic status/commit/push/log/diff actions. Several claimed features (multi-repo, detailed message generation/validation, conflict detection, force-push confirmation) are not implemented in run.sh — the capability claims exceed the actual code.
!
Instruction Scope
SKILL.md promises safety checks and sensitive-file protections, but run.sh will run git add -A and git commit -m with automatically generated messages and then git push origin <branch> with no checks for .env/.secrets, no conflict verification, and no --force confirmation handling. The script also relies on a WORKSPACE path (defaulting to $HOME/.openclaw/workspace) and blindly operates there, which could cause unintended commits/pushes if that directory contains important repos or sensitive files.
Install Mechanism
Instruction-only with a small shell script included; there is no install spec or external downloads. Nothing is written to disk by an installer step beyond the provided files.
Credentials
The skill declares no required env vars or credentials, which is consistent. However, run.sh uses $WORKSPACE (defaulting to $HOME/.openclaw/workspace) and will invoke git push, which will use whatever local git credentials/config are present. That implicit use of the user's git credentials is expected for a git tool but is worth noting because pushes will act with the agent's Git identity and auth.
Persistence & Privilege
The skill does not request always:true, has no install actions that modify other skills or system-wide settings, and is user-invocable only by default. It does perform repository writes (add/commit/push) when run, which is normal for a git utility but means it can change user repos when invoked.
What to consider before installing
This skill is coherent with a git automation tool, but its documentation over-promises and the script will automatically stage (git add -A), commit, and push without the safety checks promised in the docs. Before installing/using: (1) inspect run.sh yourself and test it in a throwaway repo; (2) set WORKSPACE explicitly to a safe test directory (do not rely on the default); (3) be aware it will use your local git credentials to push; (4) avoid running it in repos that might contain secrets (.env, .secrets) because the script does not actually block or scan for them; (5) if you need the promised safety checks (conflict detection, force-push confirmation, multi-repo behavior), request or implement those features before using it on important repositories.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk9774tjzfs6xar5ppj15xyk0f581d9ny

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

git-auto

Git Workspace Automation — Streamline daily Git operations with intelligent defaults. Status checks, smart commits, safe pushes, and diff analysis in one skill.

When to Use

  • Check workspace status across multiple repos
  • Generate meaningful commit messages from staged changes
  • Push with safety checks (branch protection, conflict detection)
  • View formatted logs and diffs
  • Batch operations across monorepo subdirectories

Commands

status

# Show concise workspace status
git-auto status
# Multi-repo status scan
git-auto status --all

Returns: modified files, untracked files, branch info, ahead/behind count.

commit

# Auto-generate commit message from diff
git-auto commit
# With explicit message
git-auto commit -m "feat: add user auth"
# Commit specific files
git-auto commit -f "src/auth.ts,src/types.ts"

Behavior:

  1. Runs git diff --staged to analyze changes
  2. Generates conventional commit message (feat/fix/refactor/docs/chore)
  3. Validates message format before committing
  4. Shows commit hash and summary

push

# Push current branch with safety checks
git-auto push
# Force push (with confirmation)
git-auto push --force

Safety checks:

  • Warns if pushing to main/master directly
  • Checks for upstream conflicts
  • Verifies remote exists

log

# Last 10 commits, formatted
git-auto log
# Last N commits
git-auto log -n 20
# Filter by author
git-auto log --author "name"

diff

# Staged changes
git-auto diff
# Working directory changes
git-auto diff --unstaged
# Between branches
git-auto diff main..feature-branch

Smart Commit Message Format

Uses Conventional Commits:

  • feat: — New feature
  • fix: — Bug fix
  • refactor: — Code restructuring
  • docs: — Documentation only
  • chore: — Maintenance tasks
  • test: — Adding/updating tests

Integration

Works with any Git repository. No configuration needed — auto-detects .git directory and current branch. Pairs well with code-review skill for pre-commit analysis.

Error Handling

SituationBehavior
Not a git repoClear error message with suggestion
Merge conflictsShows conflict files, suggests resolution
No staged changesPrompts to stage or shows unstaged changes
Auth failureSuggests credential refresh
Detached HEADWarns and suggests creating branch

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…