Smart Git Backup

Advisory. Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run in the wrong repository or before review, private workspace files or unintended changes could be committed and pushed to the remote Git repository.

Why it was flagged

The script broadly stages all changes, creates a commit, and pushes to the configured remote without an enforced confirmation or file allowlist.

Skill content

```bash
git add .
...
git commit -m "$MSG"
...
git push origin "$CURRENT_BRANCH"
```

Recommendation

Run only after checking `git status` and `git diff`, use a private trusted remote, maintain a strict `.gitignore`, and consider adding a dry-run or confirmation step before `git add`, `commit`, and `push`.

What this means

Repository details, and, in poorly configured remotes, possibly credentials, could appear in agent logs or command output.

Why it was flagged

The script prints the full configured remote URL. Some Git remotes may include usernames, private repository paths, or embedded tokens.

Skill content

```bash
REMOTE_URL=$(git remote get-url origin)
log_success "Remote 'origin' configured: $REMOTE_URL"
```

Recommendation

Use SSH keys or a credential helper rather than embedding tokens in remote URLs, and mask or avoid printing full remote URLs in logs.

What this means

If the remote repository is shared or compromised, remote changes could alter local workspace memory or files that future agent sessions may rely on.

Why it was flagged

The skill syncs workspace memory with a remote repository and pulls remote changes back into the workspace, which can persist and reintroduce remote content across tasks.

Skill content

> Automates Git synchronization and backup of workspace memory to a remote repository.
> ...
> **Pulls** latest remote changes to avoid conflicts

Recommendation

Use a trusted private repository, restrict write access, and review incoming remote changes before relying on synced workspace memory.