ClawHub

Git 提交信息生成器

v1.0.0

Git 提交信息生成器。根据代码变更内容自动生成符合 Conventional Commits 规范的提交信息,包含类型、范围、简短描述、详细说明和关联的 Issue/需求号。触发词:生成提交信息、提交信息、commit message、git commit、生成 commit 信息

0· 78·0 current·0 all-time
by@gnllk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided assets (SKILL.md, README, references, and a single Python script). No unrelated binaries, environment variables, or config paths are required.
Instruction Scope
Runtime instructions tell the agent to accept user text or a pasted git diff and run the included scripts/generate_commit_message.py. The instructions do not direct the agent to read arbitrary system files, access credentials, or send data to external endpoints.
Install Mechanism
No install spec — instruction-only plus a local script. Nothing is downloaded or written to disk by an installer.
Credentials
The skill declares no required environment variables, credentials, or config paths; the code likewise does not access external secrets or environment values.
Persistence & Privilege
Skill is not always-enabled and does not request elevated persistence or modify other skills/system settings. It produces output only and does not store tokens or alter agent config.
Scan Findings in Context
[unicode-control-chars] unexpected: The static scanner flagged unicode control characters in SKILL.md. This is not expected for a commit-message generator; such characters can be used to hide or alter visible text (prompt-injection technique). Review SKILL.md and other text files for hidden control characters before use.
Assessment
This skill appears coherent and limited to generating Conventional Commits messages from user-provided descriptions or diffs. Recommended precautions before installing/using: 1) Inspect SKILL.md and scripts/generate_commit_message.py locally for any hidden or unexpected content (the scanner flagged unicode-control characters in SKILL.md). 2) Do not paste diffs that contain secrets, credentials, or private keys into the skill — the generator uses whatever text you provide. 3) Run the Python script locally on harmless example diffs first to confirm behavior. 4) No credentials or installs are required, so there is low systemic risk; if you plan to integrate this into automated hooks, review and test the script to ensure it meets your team's policies.

Like a lobster shell, security has layers — review code before you run it.

latestvk972kyes2kk74gw6rwphnvp7fh83xs9g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments