Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Git Commit PR Workflow
v1.0.0 · Use when the user wants the full git workflow: branch creation if needed, commit, push, and PR create or update with a concise summary and test plan.
by @wimi321
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to perform end-to-end git delivery including PR creation, but the manifest declares no required binaries or credentials. Performing these actions typically requires a git client and authentication (SSH keys, GitHub/GitLab token, or CLI tools). The absence of declared dependencies or a stated auth mechanism is an incoherence.
Instruction Scope
SKILL.md gives a high-level workflow (inspect branch/diff, create branch, commit, push, create/update PR) and guardrails (no destructive commands, avoid secrets). It does not specify which commands or tools to use (git CLI, 'gh'/'hub', or API), nor how to choose remotes or the PR host. The guidance is non-prescriptive, which leaves the agent broad discretion but is not explicitly dangerous on its face.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That limits the attack surface — nothing will be written or executed from a downloaded package by default.
Credentials
No environment variables, tokens, or credential requirements are declared despite the skill needing push and PR creation capabilities. Real usage requires authentication (SSH keys in agent environment or API tokens). The skill relies implicitly on existing environment credentials but does not document this, which is disproportionate to the manifest and may cause surprising behavior or failed runs.
Persistence & Privilege
The skill does not request always: true and is user-invocable only. It also does not indicate modifying other skills or system-wide settings. Autonomous invocation is allowed by default (disable-model-invocation: false), which is normal; there are no additional persistence privileges requested.
What to consider before installing
This skill appears to be what it says (end-to-end git -> PR), but it omits operational details you should confirm before using it:
- Verify the agent environment actually has git and any CLI tools it will use (git, gh, hub) and that those are the intended tools. The skill itself does not declare these as requirements.
- Confirm how authentication will be performed: will it rely on SSH keys present in the environment, an existing remote credential, or an API token? If API tokens or SSH keys are available to the agent, ensure they have only the minimum needed permissions and do not expose sensitive repos.
- Ask the skill author to document which remote host (GitHub/GitLab/other) the skill targets and whether it will call a third-party API or use the local git client. Lack of this detail can lead the agent to push or open PRs in unexpected locations.
- Because instructions are high-level and allow broad discretion, review the exact git commands the agent plans to run before allowing execution — especially any operation that could rewrite history or touch protected branches.
- Test the skill first in a non-sensitive repository or fork, and restrict its use to user-invoked runs rather than automatic/always-on invocation.
If you need the skill, request the maintainer add explicit requirements (git binary, preferred CLI/tooling, and documented auth mechanism) so you can validate them before granting the agent access to real repositories.
