ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Git Commit Validator

v1.0.0

Validates git commit messages against conventional commits format. Triggers: commit lint, conventional commits, commit format.

0· 72·1 current·1 all-time
by@sky-lv·duplicate of @sky-lv/skylv-commit-linter

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sky-lv/git-commit-validator.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Git Commit Validator" (sky-lv/git-commit-validator) from ClawHub.
Skill page: https://clawhub.ai/sky-lv/git-commit-validator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install git-commit-validator

ClawHub CLI

Package manager switcher

npx clawhub@latest install git-commit-validator
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description promise automated validation of commit messages against Conventional Commits, but the SKILL.md only contains guidance (rules/examples) and a single command (git log --oneline -20). There is no validation algorithm, linter invocation, or steps to return structured validation results. Also the manifest header inside SKILL.md uses a different slug/name (skylv-commit-linter) than the registry entry (git-commit-validator), which is inconsistent.
Instruction Scope
The runtime instruction set is minimal and safe: it only suggests running git log to view recent commits. It does not instruct reading unrelated files, accessing environment variables, or sending data externally. However it is vague and leaves the agent discretion to 'validate' without specifying how — that open-endedness could lead an agent to perform extra repo or system inspection if not constrained.
Install Mechanism
No install spec and no code files are present. Instruction-only skills are lower risk because nothing is written to disk or downloaded during install.
Credentials
No environment variables, credentials, or config paths are requested. The skill's stated purpose does not require additional secrets, and none are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and does not persist credentials. Default autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
What to consider before installing
This skill appears low-risk but functionally incomplete: it promises automated commit-message validation but only gives rules and a command to view recent commits. If you expect an automated linter, don't rely on this skill as-is — prefer established tools (commitlint, husky, or built-in CI checks) or ask the author for a version that runs a linter and returns structured results. Before installing, consider: run it in a test repo to see exactly what commands it executes (it will run git commands locally), verify the slug/name mismatch with the author, and avoid granting any extra credentials since none are needed. If you want, request a clarified SKILL.md that either (a) invokes an actual linter (and documents required binaries) or (b) is explicitly described as a human-help/informational skill rather than an automated validator.

Like a lobster shell, security has layers — review code before you run it.

latestvk979r85kehdbt2pcah12c19r0n85cq47
72downloads
0stars
1versions
Updated 5d ago
v1.0.0
MIT-0
@sky-lv
latest
Download

Commit Linter

Overview

Validates commit messages and enforces conventional commits format.

Conventional Commit Format

type(scope): description

Types: feat, fix, docs, style, refactor, perf, test, chore

Valid Examples

feat(auth): add password reset fix(api): handle null response docs(readme): update install

Rules

  • Subject line max 72 characters
  • Use imperative mood ("add" not "added")
  • No period at end of subject
  • Separate subject from body with blank line

Validate

git log --oneline -20

Comments

Loading comments...