Skill v1.0.0

ClawScan security

commit-history-exporter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious, Apr 22, 2026, 9:54 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's behavior mostly matches its description (exporting Git/SVN commits), but the package metadata omits required binaries (git, svn, python3/sqlite) and the scripts use unsafe eval/parsing patterns and read local SVN DBs — these mismatches and risky coding choices warrant caution.
Guidance
This skill appears to do what it says (export Git/SVN commit histories), but there are three things to consider before installing or running it:

1) Missing metadata: the skill does not declare required binaries, but it expects 'git' for Git exports, 'svn' for SVN server logs, and 'python3' (with SQLite) for local .svn/wc.db queries. Ensure those tools are available and trust the environment where the scripts run.

2) Sensitive data and scope: for SVN 'detailed' reports you may need to supply SVN username/password (the scripts accept these as command arguments). Running the scripts in a workspace with an .svn directory will read the local wc.db (which can include repository URLs and metadata). Only run this on repositories you trust and have permission to inspect.

3) Coding risks: the shell scripts use eval and simple text-splitting of git/svn output; if author names, paths, or commit messages contain special characters this can break parsing or (if untrusted inputs are provided) could enable command injection. Prefer running the scripts with controlled inputs, or review/modify them to avoid eval and to properly escape inputs before use.

If you want to proceed: request the pack maintainer update the metadata to declare required binaries (git, svn, python3), or run these scripts manually after inspection rather than allowing an agent to execute them autonomously. If you need a safer alternative, consider tools that directly use libgit2/python bindings or sanitized command construction.
Findings
[pre-scan-none-detected] expected: No regex-based warnings were detected by the scanner. That aligns with the code being ordinary shell/Python scripts, but absence of findings is not evidence of correctness or safety.

Review Dimensions

Purpose & Capability
concern: The skill claims to export Git and SVN histories, which legitimately requires git, svn and a Python runtime (for local wc.db queries). However the registry metadata declares no required binaries. That is an incoherence: a consumer would reasonably expect 'git', 'svn' and 'python3' (and sqlite support) to be declared as required.
Instruction Scope
note: SKILL.md and the shipped scripts stay within the stated purpose (scanning repo history, optionally reading .svn/wc.db). They explicitly read local repository files (including .svn/wc.db) which can contain repo URLs and metadata — expected for SVN local queries. The scripts rely on user-supplied parameters for author/path/auth; they also use eval to build/execute shell commands and split git log output on '|' which can break or be unsafe if inputs or commit messages contain special characters. This is a correctness and injection-risk concern, not necessarily malicious.
Install Mechanism
ok: There is no install mechanism (instruction-only plus included scripts). That minimizes installer risk. The skill does ship shell and Python scripts (written to disk as part of the skill bundle), which will be executed by the agent when invoked — expected for an instruction-only skill with helpers.
Credentials
note: The skill requests no environment variables or credentials in metadata. Runtime usage does accept SVN username/password as CLI arguments (documented) to fetch server-side logs — that is proportionate. However the metadata omission of required binaries is inconsistent. The skill also references SVN auth cache locations (~/.subversion/auth) in docs; it does not automatically read them, but users should be aware the scripts will run in the agent's environment and could be pointed at directories containing saved auth.
Persistence & Privilege
ok: always is false and the skill does not request persistent system-wide privileges or attempt to modify other skills or agent-wide configs. It only reads repository files in the specified project path and writes export files locally — consistent with its purpose.