ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

auto-git

Commit and push local project changes to GitHub, with optional repo creation and deployment hints.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 144 · 1 current installs · 1 all-time installs
by范士轶@cruciata
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to be a PowerShell-based GitHub deploy helper and refers to an included file 'github-deploy-skill.ps1', but that file is not present in the package. Requiring a local script to perform commits and pushes is reasonable, but referencing a non-existent script is incoherent and unexplained.
!
Instruction Scope
Instructions are narrowly scoped to git/gh operations (commit, push, optional repo creation) which is appropriate. However they explicitly recommend running a script with 'powershell -ExecutionPolicy Bypass -File ...', which bypasses PowerShell execution policy and makes it easier to run unsigned/remote code. Because the actual script content is missing, the instructions implicitly push the operator to obtain or run external code — a potentially risky/ambiguous action.
Install Mechanism
There is no install spec and no files are written to disk by the skill itself (instruction-only). This is low-risk behavior in isolation. The skill does require the external binaries 'git' and optionally 'gh', but does not attempt to install them.
Credentials
No environment variables or credentials are requested by the skill metadata. The runtime behavior (use of the GitHub CLI 'gh') will rely on whatever GitHub authentication the user already has configured; this is proportionate. However, because the script is missing, it's unclear whether it would access any other credentials or config files.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system presence or modify other skills' configs. Autonomous invocation is allowed by default (normal) and not by itself a concern here.
What to consider before installing
Do not run unsigned or missing scripts with ExecutionPolicy Bypass. Before installing or using this skill: (1) Ask the publisher for the missing 'github-deploy-skill.ps1' and review its full source locally — do not execute it blind. (2) Prefer not to use '-ExecutionPolicy Bypass' unless you understand and trust the script contents. (3) Ensure git and gh are installed and that your GitHub auth is configured through gh (so tokens remain under your control). (4) Ask for a homepage or source repo / verify the author; the package currently lacks provenance. If the author cannot supply the script content or a trustworthy source, treat the skill as unsafe to run.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97anz3awcxnhmbajh7jfb21g982n74c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

GitHub Deploy Skill

This skill provides a reusable PowerShell script for Windows to automate:

  1. Git checks
  2. Commit creation
  3. Push to remote branch
  4. Optional GitHub repository creation (via GitHub CLI)
  5. Optional deployment hints (for Streamlit flow)

Included file

  • github-deploy-skill.ps1

Parameters

  • -CommitMessage (required): commit message text
  • -Repo (optional): GitHub repository in owner/repo format
  • -Branch (optional): target branch, default main
  • -CreateRepo (optional switch): create repo with gh if missing
  • -SkipDeployHint (optional switch): do not print deployment hint

Usage

From any Git project folder:

powershell -ExecutionPolicy Bypass -File .\github-deploy-skill.ps1 -CommitMessage "feat: update" -Repo "owner/repo" -Branch "main"

Create repository automatically:

powershell -ExecutionPolicy Bypass -File .\github-deploy-skill.ps1 -CommitMessage "init" -Repo "owner/new-repo" -CreateRepo

Expected output

  • Success: commit and push completed
  • Failure: explicit error with reason (missing command, auth, push/network, remote config)

Requirements

  • Git installed and available in PATH
  • Network access to remote Git host
  • If -CreateRepo is used: GitHub CLI (gh) installed and authenticated

Notes

  • Works with repositories that do not yet have a first commit.
  • If origin does not exist, pass -Repo and the script will add it automatically.

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…