ClawHub

Skill

v1.0.0

Semantic git history search and code archaeology. Use when asked why code exists, who owns a file, what introduced a regression, what changed in a commit ran...

1· 38·0 current·0 all-time
byVenkat Ambati@venki0552
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the declared dependency (slg) and the npm install spec for slg-cli. Requiring the 'slg' binary is appropriate for a git-history semantic search tool.
Instruction Scope
SKILL.md confines runtime actions to running slg commands (init, reindex, why, blame, bisect, diff, serve) against the local repository and starting a local MCP server. This is expected, but it does instruct running a local server that will expose repository history to the agent — users should be aware that the agent (or any configured MCP client) will be able to query local git history.
Install Mechanism
Install uses an npm global package (slg-cli) which is an expected distribution for a CLI. npm packages can run install/postinstall scripts, so review the package source (npm page / GitHub) before installing globally; using npx avoids a permanent global install.
Credentials
No environment variables, credentials, or unrelated config paths are requested. The skill's access needs are limited to local git repositories, which matches the functionality.
Persistence & Privilege
always is false and the skill does not request system-wide persistence. It suggests configuring an MCP server entry for the agent (normal for agent integration) but does not modify other skills or request elevated privileges.
Assessment
This skill appears to be what it says: a local-first semantic git-history tool. Before installing, consider: (1) inspect the slg-cli package on npm/GitHub to confirm maintainership and review any postinstall scripts; (2) prefer npx slg-cli for one-off use instead of npm -g if you want to avoid global installs; (3) be aware that running 'slg init' indexes your repository and 'slg serve' starts a local MCP server that will expose indexed git history to any agent process you connect — avoid serving in untrusted networks and don't point it at repos containing secrets you don't want queried; (4) run initial indexing in a safe environment (e.g., a sandbox or personal machine) if you have sensitive code. Overall the skill is coherent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk976vxfceggr44krhedznxft89847eyj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Binsslg

Install

Install slg-cli (npm global)
Bins: slg
npm i -g slg-cli

Comments