Pre-commit git review

Security checks across malware telemetry and agentic risk

Overview

This is a coherent pre-commit review skill that reads local git diffs and related file content, with no evidence of credential use, network transfer, persistence, or repository mutation.

This skill appears safe for its intended use. Before installing or invoking it, choose the repository/files deliberately and remember that any changed code, new files, or nearby context it reviews may be visible to the agent during the conversation.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

The agent may list changed files and inspect diffs in local repositories, but the artifacts do not show repository modification or destructive commands.

Why it was flagged

The skill directs the agent to run read-only git commands and may enumerate modified files across workspace repositories when scope is unclear. This is purpose-aligned for commit review and includes a user selection step.

Skill content
Run `git status --short` on every git repository in the workspace ... `git diff --cached -- <file>` ... `git diff -- <file>`
Recommendation

Specify the exact repository or files you want reviewed if you do not want the agent to inspect broader workspace git status.

ASI06: Memory and Context Poisoning
Low
What this means

Local source code, configuration, or accidental secrets in changed files may be included in the assistant conversation for analysis.

Why it was flagged

The skill may load entire new files and surrounding code/config context into the agent's review context. This is expected for code review, but such files can contain sensitive information.

Skill content
Untracked new files: read the full file contents directly ... where necessary, read the corresponding region of the complete file ... configuration files ... leakage of sensitive information
Recommendation

Review the target scope before running it and avoid including files that contain secrets unless you intend the agent to inspect them.