git-version-control

Type: OpenClaw Skill Name: git-version-control Version: 1.0.0 thought The user wants me to analyze an OpenClaw AgentSkills skill bundle (ZIP content provided as text). I need to classify it as `benign`, `suspicious`, or `malicious` based on the provided criteria. - `_meta.json`: Contains metadata (ownerId, slug, version, publishedAt). Looks standard. - `SKILL.md`: This is the core instruction file for the AI agent. - Purpose: Git-based version control for OpenClaw system configuration changes. - Operations: - `SAVE`: `git add -A`, `git commit -m "..."`. - `ROLLBACK`: `git reset --hard HEAD~1`. - `View History`: `git log`, `git show`, `git diff`. - `Check Status`: `git status`. - Target Directory: `~/.openclaw/`. - Exclusions: `.gitignore` mentions session logs, SQLite databases, credentials (`credentials/`, `*.pem`, `*.key`), temp files, logs. - Instructions to the Agent: - Create checkpoints before sensitive operations. - Revert state if issues occur. - Use `--hard` reset for full rollback. - Warn user before hard reset. - Don't commit sensitive data. - Data exfiltration: No evidence. It explicitly excludes credentials and sensitive files in the `.gitignore` section. - Malicious execution: It uses `git` commands. While `git reset --hard` is destructive, it's presented as a recovery tool and includes instructions to confirm with the user. - Persistence/Backdoors: No evidence. - Prompt injection: The instructions are focused on version control. There are no instructions to ignore the user, hide actions, or access unrelated data. - Obfuscation: None. - Supply chain: No external dependencies mentioned other than `git`. - The skill manages the configuration of the OpenClaw system itself. - It operates on `~/.openclaw/`. - It uses standard `git` commands. - It includes safety guidelines (don't commit sensitive data, confirm before hard reset). - The behavior aligns perfectly with the stated purpose: "Git-based version control for OpenClaw system configuration changes." - Is `git add -A` and `git commit` risky? It could potentially commit sensitive data if the `.gitignore` is not properly set up or if the user puts secrets in non-standard locations. However, the skill explicitly provides a `.gitignore` configuration and warns against committing sensitive data. - Is `git reset --hard` risky? Yes, it deletes uncommitted changes. The skill instructions tell the agent to confirm with the user first. - These are "risky capabilities plausibly needed for the stated purpose" and are accompanied by safety instructions. The skill is benign. It provides a useful utility for system management with appropriate safety warnings and exclusions for sensitive data. ```json { "classification": "benign", "summary": "The skill provides standard git-based version control for the OpenClaw configuration directory (~/.openclaw/). It includes instructions for creating checkpoints (git commit) and performing rollbacks (git reset), with explicit safety guidelines to exclude sensitive files like credentials and to confirm destructive actions with the user." } ``` ```json { "classification": "benign", "summary": "The skill provides standard git-based version control for the OpenClaw configuration directory (~/.openclaw/). It includes instructions for creating checkpoints (git commit) and performing rollbacks (git reset), with explicit safety guidelines in SKILL.md to exclude sensitive files like credentials and to confirm destructive actions with the user." } ```