git-version-control

Static analysis audit pending.

Overview

No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken commit or hard reset could capture unwanted local config changes or remove recent OpenClaw settings, skills, memory, or cron changes.

Why it was flagged

The skill instructs the agent to run broad local Git commands that can stage all changes under `~/.openclaw` and discard changes during rollback. The behavior is disclosed, scoped, and includes confirmation guidance, so it is a purpose-aligned note rather than a concern.

Skill content

git add -A ... git commit -m "checkpoint: {description}" ... Recommended default: `--hard` ... git reset --hard {commit-hash}

Recommendation

Review `git status`, `git diff`, and the chosen commit before rollback; use soft or mixed reset when unsure, and require explicit confirmation for hard resets.

What this means

Information stored in OpenClaw memory may remain in Git history even after later edits, and rolling back could reintroduce outdated or unwanted memory.

Why it was flagged

The protected files include OpenClaw memory files, so checkpoints can persist memory/context contents in local Git history and rollbacks can restore older memory state.

Skill content

`workspace/memory/` - memory files

Recommendation

Do not store secrets in OpenClaw memory, verify tracked files with `git ls-files`, and clean Git history manually if sensitive data was committed.

What this means

The skill may fail or behave inconsistently on systems where Git is not installed or where `~/.openclaw` is not a Git repository.

Why it was flagged

The skill is documented as instruction-only and declares no binary requirements, while its visible workflow depends on Git commands. This is an under-declared dependency, not evidence of hidden installation or code.

Skill content

Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.

Recommendation

Declare Git as a required binary and document the expected repository setup before use.