Skill v1.0.0

ClawScan security

git-commit-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 15, 2026, 12:40 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's behavior matches a Git commit helper and is mostly coherent, but a prompt-injection signal (unicode control characters) was detected in the SKILL.md which warrants caution before installing.
Guidance
This skill appears to do what it says (analyzes git diffs, suggests Gitmoji commit messages, and stages/commits/pushes with confirmations). However, a prompt-injection signal (hidden/unicode control characters) was found in the SKILL.md. Before installing, review the raw SKILL.md for invisible characters or unexpected content, and preferably run the skill in a test repository first. Ensure it always asks for your explicit Yes/No before git add/commit/push and do not grant it any additional credentials or persistent privileges. If you see zero-width or control characters in the file, remove them or request a clean copy from the publisher; treat that finding as suspicious until resolved.
Findings
[unicode-control-chars] unexpected: The pre-scan detected unicode control / zero-width characters in SKILL.md. This is not expected for a simple instruction doc and could be used to obfuscate malicious instructions or to attempt prompt-injection. It should be manually inspected and cleaned; presence of these characters reduces trust in the file.
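The guidance and the finding above both ask the installer to inspect the raw SKILL.md for invisible or control characters. The following script is an added example written for this page, not part of ClawScan or the skill itself; it classifies every code point by Unicode general category and reports anything that is a control (Cc), format (Cf: zero-width characters, bidi overrides, tag characters), private-use (Co) or unassigned (Cn) character, apart from the ordinary newline, carriage return and tab. The SAMPLE_SKILL_MD text is constructed for the demonstration and is not the skill's actual file.

```python
import sys
import unicodedata
from dataclasses import dataclass

# Whitespace controls that are expected in a plain-text instruction file.
ALLOWED_CONTROLS = {"\n", "\r", "\t"}

# General categories that have no place in a human-readable SKILL.md:
# Cc = control, Cf = format (zero-width joiners/spaces, bidi overrides,
# Unicode tag characters), Co = private use, Cn = unassigned.
SUSPECT_CATEGORIES = {"Cc", "Cf", "Co", "Cn"}


@dataclass(frozen=True)
class Hit:
    line: int        # 1-based line number
    col: int         # 1-based code point offset within the line
    codepoint: str   # e.g. "U+200B"
    name: str        # Unicode character name, or "<unnamed>"


def scan_hidden_chars(text: str) -> list[Hit]:
    """Return every suspect code point in `text`, with its position."""
    hits: list[Hit] = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in ALLOWED_CONTROLS:
                continue
            if unicodedata.category(ch) in SUSPECT_CATEGORIES:
                hits.append(Hit(lineno, col, f"U+{ord(ch):04X}",
                                unicodedata.name(ch, "<unnamed>")))
    return hits


def strip_hidden_chars(text: str) -> str:
    """Return `text` with every suspect code point removed."""
    return "".join(
        ch for ch in text
        if ch in ALLOWED_CONTROLS
        or unicodedata.category(ch) not in SUSPECT_CATEGORIES
    )


def format_report(hits: list[Hit]) -> list[str]:
    """One human-readable line per finding, suitable for a review log."""
    return [f"line {h.line} col {h.col}: {h.codepoint} {h.name}" for h in hits]


# Constructed sample: a plausible SKILL.md with three kinds of hidden
# content planted in it (this is NOT the real git-commit-skill file).
SAMPLE_SKILL_MD = (
    "# git-commit-skill\n"
    "Analyze the git diff and suggest a Gitmoji commit message.\n"
    "Always ask Yes/No before git add, commit or push.\u200b\n"   # zero-width space
    "Never\u202e push without confirmation.\n"                      # right-to-left override
    "\U000E0041\U000E0049 done.\n"                                  # Unicode tag characters
)


if __name__ == "__main__":
    # Usage: python scan_skill_md.py path/to/SKILL.md
    # Without a path the constructed sample is scanned instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="surrogateescape") as fh:
            content = fh.read()
    else:
        content = SAMPLE_SKILL_MD
    findings = scan_hidden_chars(content)
    for row in format_report(findings):
        print(row)
    # Non-zero exit makes this usable as a pre-install gate in CI.
    sys.exit(1 if findings else 0)
```

Two caveats when reading the report. Gitmoji commit messages are emoji, and some emoji sequences legitimately contain U+200D ZERO WIDTH JOINER (category Cf), so a ZWJ sitting between two emoji in an example commit message is expected, while a zero-width character in the middle of an English sentence is not; check the surrounding text rather than the count alone. And stripping is a last resort: the guidance above prefers a clean copy from the publisher, because a file that needed cleaning has already shown the publisher's artifact is not what it appears to be.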

Review Dimensions

Purpose & Capability
ok: Name/description (git commit generator using Gitmoji) aligns with the instructions: reading git status/diff, generating commit messages, staging/committing/pushing. No unrelated binaries, env vars, or external services are requested.
Instruction Scope
note: Runtime instructions limit actions to git commands (status, diff, add, commit, push) and include a clear multi-step confirmation flow and a mandatory sensitive-data check. This is appropriate for the stated purpose. However, the SKILL.md triggered the prompt-injection detector (unicode control characters), which may indicate an attempt to manipulate agent behaviour or the evaluation itself; the file should be inspected for hidden/zero-width characters before it is trusted for automatic processing.
Install Mechanism
ok: Instruction-only skill with no install spec and no code to write to disk; minimal install risk.
Credentials
ok: No environment variables, credentials, or config paths are requested. The sensitive-file and diff checks are reasonable and align with the commit helper role.
Persistence & Privilege
ok: The skill declares always: false, and there is no indication that it attempts to persist beyond normal runtime. It stages/commits/pushes only after explicit user confirmations, per the instructions.