Skill v1.0.0

ClawScan security

Git Factory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 29, 2026, 8:42 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The documentation describes a useful git worktree workflow, but the runtime instructions refer to PowerShell scripts and automated actions that are not included or justified, and the skill implicitly expects network push/PR credentials without declaring them.
Guidance
This skill's documentation describes useful behavior, but the package contains no scripts or install steps — the SKILL.md points at PowerShell scripts that aren't included and references Windows-specific paths. Before installing or using:
1) ask the publisher for the missing script files or the repository that contains them and inspect those scripts for unsafe actions (especially any network calls, credential handling, or deletion logic);
2) confirm which Git host (GitHub/GitLab/etc.) and credential method the workflow expects and ensure you won't leak tokens or push unintended changes;
3) verify OS compatibility (the instructions are PowerShell/Windows-centric) and test in a safe sandbox or throwaway repo;
4) if you plan to allow automated PR creation/cleanup, ensure any tokens are scoped minimally and review scheduling/cleanup behavior to avoid accidental data loss.
If the author cannot produce the scripts or a trusted repository, treat the skill as incomplete/untrusted.

Review Dimensions

Purpose & Capability
concern: The name and description (provision/manage worktrees) match the SKILL.md content, but the SKILL.md expects concrete scripts at .\skills\git-factory\scripts\*.ps1 to perform actions. No code files or install spec are present, so the skill declares capability it cannot perform as packaged. Additionally, the instructions are Windows/PowerShell-specific (examples, C:\ paths, .ps1 files) while the skill has no OS restriction declared.
Instruction Scope
concern: The instructions tell the agent (or operator) to run specific PowerShell scripts to create/finish/cleanup worktrees, to push branches and create PRs, and to add .worktrees to .gitignore. Those actions involve filesystem changes, network operations (git push, PR creation), and periodic cleanup, but the SKILL.md does not include or link the scripts, nor does it describe how credentials or remote hosts are handled. The agent would be asked to perform operations (push, create PRs, delete worktrees) that transmit data externally and change repo state without declared credential handling.
Install Mechanism
note: No install spec (instruction-only) — low disk/write risk. However, the SKILL.md assumes the presence of packaged scripts under the repo path; since no code files are present, that is an incoherence: the skill expects artifacts that are not included, which means the instructions are incomplete or the packaging is broken.
Credentials
note: The skill declares no required environment variables or credentials, but the documented workflow requires pushing branches and optionally creating PRs (operations that typically require Git credentials or API tokens). The absence of any declared credential requirement is noteworthy; it relies implicitly on the user's existing git authentication without documenting host/provider assumptions (e.g., GitHub, GitLab) or token usage.
Persistence & Privilege
ok: No elevated persistence requested (always: false). The skill does not request to run always or to modify other skill configs. There is mention of periodic cleanup, but no mechanism is provided and no automation privilege is requested in the metadata.