Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
auto-commit
v1.0.2
Triggers on any task that modifies code. Provides instructions to surgically stage and commit only the modified code files to save progress.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw) · Suspicious · medium confidence

Purpose & Capability
The skill's name and description match its instructions (saving code changes via git commits). However, SKILL.md explicitly instructs the agent to run git commands (git add, git status, git commit), while the registry metadata declares no required binaries or dependencies: git is not listed. That is an inconsistency. A legitimate auto-commit skill should declare git as a required binary and should document the repository layout and the filesystem permissions it expects.
Instruction Scope
The instructions order the agent to 'MUST automatically create a git commit' and explicitly say 'Do not ask for permission; execute the commit automatically' (unless the user asked not to). This gives the agent authority to modify the user's repository without per-action consent. The procedure attempts to limit staging to specific file types and to avoid env files, but the rules are informal and leave room for error: sensitive files could still be staged or committed, and commit messages might include sensitive context. The skill does not instruct the agent to show a diff or to ask for confirmation in ambiguous cases, which increases the risk of unintended commits.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer. That minimizes supply-chain risk. The remaining risk comes from the commands the agent will run at runtime (git), not from an install step.
Credentials
The skill requests no environment variables and no credentials, which is proportionate. However, it requires filesystem and git repository access (unstated), and it can create commits whose content or commit messages leak sensitive data. The provided references/ignore_list.txt shows some awareness of files that should be avoided, but the SKILL.md instructions do not enforce those ignore patterns.
Persistence & Privilege
always:false (normal) and model invocation is allowed (normal), but the explicit instruction to auto-commit without asking turns autonomous invocation into a potentially intrusive capability: an agent could repeatedly modify the user's git history locally. While commits alone don't exfiltrate data, they can persist sensitive content in history and later be pushed. The skill does not request lasting privileges beyond running git, but the 'do not ask' requirement elevates its behavioral privilege and reduces user control.
What to consider before installing
This skill will automatically stage and commit changes in a repository whenever the agent modifies code; it comes from an unknown source and does not declare git as a required binary. Before installing, consider: (1) Do you want an autonomous actor to create commits in your repos without per-action confirmation? (2) The skill could accidentally commit secrets or sensitive files, so ensure a robust .gitignore and consider adding secret-detection checks. Recommended mitigations: require the skill to declare git in its metadata; require explicit user opt-in per session, or show the diff and ask for confirmation before each commit; forbid committing files that match secret patterns; and log staging operations for user review. If you need tighter control, do not install this skill, or run it only in isolated sandbox repositories until its behavior has been audited and changed to ask for confirmation.
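The mitigations above (stage only modified code files, skip env and key files, detect secrets before committing, and surface what would be committed) can be enforced by a guard that runs before the agent's git add and git commit. The script below is an added example written for this page; it is not code from the auto-commit skill, ClawHub, or OpenClaw. Its ignore patterns, secret regexes, code-suffix list, and the sample git status --porcelain and git diff output it parses are all constructed assumptions; the skill's own references/ignore_list.txt is not reproduced here.

```python
"""Pre-commit guard for an auto-commit agent step (added example, not the
skill's code). Stages only tracked, modified or added code files that are
not on an ignore list, scans the added lines of their diff and the commit
message for secret patterns, and refuses to commit on any hit."""
import fnmatch
import re
from dataclasses import dataclass, field

# Constructed ignore list (assumption; not the skill's ignore_list.txt).
# fnmatch '*' also matches '/', so '**/secrets/*' matches at any depth.
IGNORE_PATTERNS = [".env", ".env.*", "*.pem", "*.key", "*.p12", "id_rsa*",
                   "**/secrets/*", "*.sqlite", "node_modules/**"]
# Only these suffixes count as "code files" for staging (assumption).
CODE_SUFFIXES = (".py", ".js", ".ts", ".go", ".rs", ".c", ".h", ".java", ".sh")

SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "secret_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass
class CommitPlan:
    stage: list = field(default_factory=list)     # paths safe to 'git add'
    skipped: list = field(default_factory=list)   # (path, reason)
    findings: list = field(default_factory=list)  # (path, line, rule)

    @property
    def allowed(self) -> bool:
        # Nothing to stage, or any secret hit, blocks the commit.
        return bool(self.stage) and not self.findings


def is_ignored(path: str) -> bool:
    name = path.rsplit("/", 1)[-1]
    return any(fnmatch.fnmatch(path, p) or fnmatch.fnmatch(name, p)
               for p in IGNORE_PATTERNS)


def select_paths(porcelain: str, plan: CommitPlan) -> None:
    """Parse 'git status --porcelain' lines ('XY path') into plan.stage
    (tracked modified/added code files) and plan.skipped with a reason."""
    for line in porcelain.splitlines():
        if len(line) < 4:
            continue
        code, path = line[:2], line[3:]
        if code == "??":
            plan.skipped.append((path, "untracked"))
        elif "D" in code or "R" in code:
            plan.skipped.append((path, "deleted or renamed"))
        elif is_ignored(path):
            plan.skipped.append((path, "on ignore list"))
        elif not path.endswith(CODE_SUFFIXES):
            plan.skipped.append((path, "not a code file"))
        elif "M" in code or "A" in code:
            plan.stage.append(path)
        else:
            plan.skipped.append((path, f"status {code!r}"))


def scan_diff(diff_text: str, paths: set) -> list:
    """Secret-pattern hits on added lines of files in `paths`, walking
    'git diff' output. The new-file line number comes from each @@ header;
    removed ('-') lines do not advance it."""
    findings, current, line_no, in_header = [], None, 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git"):
            in_header = True
            continue
        if in_header and raw.startswith("+++ "):
            target = raw[4:]
            current = target[2:] if target.startswith("b/") else target
            continue
        m = HUNK_RE.match(raw)
        if m:
            line_no, in_header = int(m.group(1)), False
            continue
        if in_header or current not in paths:
            continue
        if raw.startswith("+"):
            for rule, rx in SECRET_PATTERNS.items():
                if rx.search(raw[1:]):
                    findings.append((current, line_no, rule))
            line_no += 1
        elif raw.startswith(" "):
            line_no += 1
    return findings


def plan_commit(porcelain: str, diff_text: str, message: str) -> CommitPlan:
    plan = CommitPlan()
    select_paths(porcelain, plan)
    plan.findings = scan_diff(diff_text, set(plan.stage))
    for rule, rx in SECRET_PATTERNS.items():   # the message is committed too
        if rx.search(message):
            plan.findings.append(("<commit message>", 0, rule))
    return plan


def git_commands(plan: CommitPlan, message: str) -> list:
    """argv lists the agent may run; empty when the plan is not allowed.
    '--' keeps a path beginning with '-' from being parsed as an option."""
    if not plan.allowed:
        return []
    return [["git", "add", "--", *plan.stage], ["git", "commit", "-m", message]]


# Constructed sample 'git status --porcelain' and 'git diff' output.
# The AKIA... value is the well-known AWS documentation example key.
SAMPLE_STATUS = (" M src/app.py\n M .env\n?? notes.txt\nA  src/config.py\n"
                 " M README.md\n D old.c\n")
SAMPLE_DIFF = (
    "diff --git a/src/app.py b/src/app.py\n--- a/src/app.py\n+++ b/src/app.py\n"
    "@@ -1,3 +1,4 @@\n import os\n+DB_URL = os.environ[\"DATABASE_URL\"]\n"
    " def main():\n     pass\n"
    "diff --git a/src/config.py b/src/config.py\n--- /dev/null\n+++ b/src/config.py\n"
    "@@ -0,0 +1,2 @@\n+API_KEY = \"sk_live_0123456789abcdef\"\n"
    "+AWS_KEY = \"AKIAIOSFODNN7EXAMPLE\"\n")

if __name__ == "__main__":
    plan = plan_commit(SAMPLE_STATUS, SAMPLE_DIFF, "Save progress")
    print("stage:", plan.stage, "\nskipped:", plan.skipped)
    print("findings:", plan.findings, "\ncommands:", git_commands(plan, "Save progress"))
```

In a real run the agent feeds the guard the actual git status --porcelain and git diff output and, when plan.allowed is false, reports plan.skipped and plan.findings to the user instead of committing. With the sample input the .env file is skipped as ignored, notes.txt as untracked, README.md as non-code, and the two secret-looking lines in src/config.py block the commit, so no git command is produced.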
