v3.0.0

atomgit

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:50 AM.

Analysis

This appears to be a legitimate AtomGit/GitCode API helper, but it gives the agent broad repository/account authority, including destructive actions, so it should be reviewed carefully before use.

Guidance: Install only if you intentionally want the agent to manage AtomGit/GitCode resources. Use the narrowest possible token, avoid storing the token directly in plain config when possible, and require explicit confirmation before any write, delete, transfer, SSH-key, webhook, issue, or pull-request action.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High. Confidence: High. Status: Concern.
SKILL.md
Calls the AtomGit/GitCode OpenAPI v5 directly, performing operations through curl commands. ... # Delete repository ⚠️
curl -X DELETE -H "Authorization: Bearer $TOKEN" ... /repos/:owner/:repo ... # Transfer repository
curl -X POST ... /repos/:owner/:repo/transfer

The skill exposes raw API calls for destructive repository operations, including delete and transfer, but the visible instructions do not require explicit user confirmation or define safety limits before such calls.

User impact: If invoked incorrectly, the agent could delete or transfer repositories under the user's account, potentially affecting code, teams, and projects.
Recommendation: Use this skill only with clear user-directed commands, require explicit confirmation for delete/transfer/write actions, and avoid granting write access unless needed.
Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
_meta.json
"slug": "atomgit", "version": "2.0.2"

The registry metadata shown for the skill reports version 3.0.0, while the included _meta.json reports version 2.0.2, creating a minor provenance/version consistency issue.

User impact: Users may have less clarity about exactly which packaged version they are reviewing or installing.
Recommendation: Verify the publisher and package version before installing, and prefer a package with consistent metadata and a clear source/homepage.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High. Confidence: High. Status: Concern.
SKILL.md
Permissions: `api`, `read_user`, `read_repository`, `write_repository`, `issues`, `pull_requests`

The requested token scopes provide broad account, repository, issue, and pull request authority rather than a narrowly scoped read-only or repository-specific credential.

User impact: The agent can act with substantial authority on the user's AtomGit/GitCode account, including reading private data and making repository changes.
Recommendation: Create a least-privilege token, restrict it to the minimum scopes and repositories supported by the platform, and revoke or rotate it after use.
Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
Edit `~/.openclaw/openclaw.json` ... "ATOMGIT_TOKEN": "your-token-here" ... or use an environment-variable placeholder

The skill tells users how to store the bearer token in OpenClaw configuration or via an environment variable. This is expected for the integration, but it is a sensitive credential that persists until changed or revoked.

User impact: Anyone or any process with access to that configuration or environment may be able to use the token's permissions.
Recommendation: Prefer environment-variable placeholders or a secret manager, avoid committing the config file, and revoke the token if it may have been exposed.