Skill v1.0.2
ClawScan security
Prompt Git · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 2:22 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are internally consistent with a local, offline prompt version-control tool and do not request unrelated credentials or network access.
- Guidance: This appears to be a straightforward local tool. Before installing or running:
  1) Review any prompts you import from others — imports can overwrite or create history locally and may include secrets; don't import files from untrusted sources.
  2) The repository defaults to ~/.promptgit. If you put that directory into cloud-sync (Dropbox/Drive/Git), your prompts (including potentially sensitive system prompts) will be stored in the cloud.
  3) There's no concurrency locking: avoid running simultaneous operations against the same repo to prevent corruption.
  4) The code is human-readable; if you need stronger guarantees (encryption, access control, cloud sync), consider additional tooling.

  Overall, the skill is coherent with its stated purpose.
Review Dimensions
- Purpose & Capability: ok. The name/description (prompt version control) matches what the files implement: local storage under ~/.promptgit, save/get/diff/rollback, search, and export/import. No unexpected cloud or privileged capabilities are requested.
- Instruction Scope: ok. SKILL.md CLI examples and usage align with the code. Runtime instructions operate on local files and the repository; they don't instruct the agent to read unrelated system files, network endpoints, or environment variables.
- Install Mechanism: ok. There is no install spec (instruction-only skill for CLI usage). The included Python scripts rely only on the standard library and run locally. No external downloads or installers are used.
- Credentials: ok. The skill requests no environment variables, credentials, or config paths. All storage is local (default ~/.promptgit). The requested access is appropriate for a local versioning tool.
- Persistence & Privilege: ok. The skill is not forced-always or otherwise privileged. It does write files to a user-owned directory (~/.promptgit) as expected for a local CLI tool; it does not modify other skills or system-wide agent settings.
