ClawHub

git-repo-cleaner

v1.0.0

Audit and clean up Git repositories. Find stale/merged branches, large files in history, orphaned tags, repo bloat, and generate cleanup scripts. Use when as...

0· 12·0 current·0 all-time
by@charlie-morrison
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, SKILL.md, STATUS.md, and the included Python script all describe repository auditing (stale/merged branches, large files, stats) and script generation. The declared requirements (none) and use of the git CLI are proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run the included script against a local repository path and to review generated scripts before executing. The instructions reference only repo paths and git operations; they do not ask the agent to read arbitrary unrelated files or transmit data externally.
Install Mechanism
No install spec — instruction-only with a bundled Python script. This is low-risk and consistent with a CLI tool that requires only the git binary and Python runtime.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The operations (reading a repo directory and invoking git) align with the task and do not require elevated secrets or external service tokens.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges. It generates cleanup scripts but explicitly documents that --fix produces scripts (does not execute by default). No evidence of the skill modifying other skills or system configs.
Assessment
This skill appears to do what it says: audit a local Git repo and generate safe cleanup scripts. Before installing or running: (1) review the full scripts/audit_repo.py file (the provided listing was truncated here) to confirm there are no unexpected network calls or destructive commands; (2) run audits on a clone or non-critical copy of repositories; (3) always inspect cleanup.sh before executing, and avoid using --force-delete unless you have backups and understand the consequences; (4) ensure the machine has git and Python3 and run the tool with an account that has only the necessary filesystem access. If you want higher assurance, ask the author for the full untruncated source or run the script in a sandboxed environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk973nt9ffkm8tbn0b81bsrvz6n84mgnw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments