Pywayne Bin Gitstats
v0.1.0Analyze and visualize Git commit time distribution. Use when users need to analyze Git repository commit patterns, generate commit statistics, visualize comm...
⭐ 0· 504·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The SKILL.md clearly describes a gitstats CLI that requires Git and Python packages (pandas, matplotlib, and a package named 'pywayne'), but the registry metadata lists no required binaries or dependencies and there are no code files. It's unclear where the 'gitstats' executable comes from or how dependencies are provided—this mismatch is disproportionate to the stated purpose.
Instruction Scope
The instructions are narrowly focused on analyzing a repository and producing image output; they direct running a local CLI, reading a repository path, and writing/overwriting output files (including absolute paths). That's consistent with the stated aim, but because the skill has no code/install spec, the runtime instructions are unverifiable. Also note the skill will read repository contents (arbitrary filesystem paths supplied by the user), which is expected for this task but is a data-scope consideration the user should review.
Install Mechanism
There is no install specification and no code files, yet SKILL.md claims requirements ('Git must be installed' and 'Python dependencies: pandas, matplotlib (installed with pywayne)'). The skill provides no source for 'pywayne' or the 'gitstats' binary. An instruction-only skill that expects a specific CLI without telling where it comes from is incoherent and risky—users cannot verify the origin of the executable or dependencies.
Credentials
The skill requests no environment variables, no credentials, and no config paths in metadata. That is proportionate to a local repository analysis tool. However, the SKILL.md does expect system-level tools (git, python packages) that are not declared—this inconsistency is already flagged under other dimensions.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. Autonomous invocation is allowed (platform default). There is no evidence the skill attempts to modify other skills or system-wide settings.
What to consider before installing
This skill describes a command-line tool ('gitstats') but supplies no code, install instructions, or trusted source for the binary/dependencies. Before installing or invoking it: 1) Ask the publisher for a clear install spec or the source repository (PyPI/GitHub) so you can inspect the code and confirm provenance. 2) Verify that 'gitstats' (or 'pywayne') is a legitimate package from a trusted source; do not run an unknown binary from an untrusted origin. 3) Be aware the tool will read repository files you point it at and will write/overwrite image files at chosen paths—avoid pointing it at sensitive directories. 4) If you must run it, do so in a sandboxed environment (container/VM) and check network activity and the package's installation steps first. If the publisher cannot provide a verifiable source or install instructions, treat the skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk973wpeew7fbwe8jy6gv53pzhh817dfc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.