skill git - version control for your skills
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill mostly matches its purpose, but it can make broad local changes to skill folders and has file-handling gaps that could commit sensitive files or write outside the intended skills directory.
Install only if you are comfortable letting it modify local agent skill folders and create persistent git history. Before committing, make sure skill folders do not contain secrets such as .env files or private keys, and use simple, safe skill names when merging. Inspect the bundled init script before first use.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: A bad or manipulated merged skill name could cause files to be created or overwritten outside the intended skill folder.
The workflow accepts a user-provided merged skill name and uses it directly in shell file-write paths, with no visible validation against path traversal, absolute paths, shell metacharacters, or writes outside the intended skills directory.
Evidence: Name for the merged skill? ... mkdir -p <global_base>/skills/<merged-name> ... cat > <global_base>/skills/<merged-name>/SKILL.md
Recommendation: Restrict merged skill names to safe slugs, quote shell paths, resolve the final path, and refuse names that are absolute, contain '..', or escape the skills directory.
Finding 2: Secrets or private files accidentally placed in a skill folder could be stored persistently in the local git repository even though their contents were not shown in the summary.
The sensitive-file handling is scoped to not reading contents for the commit summary, but the later git add -A command stages all files in the skill folder. Users may not realize that sensitive-looking files are still committed into local git history.
Evidence: Sensitive filename blocklist — never read or include these regardless of user consent ... git -c user.email=skill-git@local -c user.name=skill-git -C <path> add -A
Recommendation: Exclude blocklisted sensitive files from staging by default, add a generated .gitignore, and show an explicit pre-commit warning if any sensitive filename would be committed.
Finding 3: Private or sensitive instructions written inside skill markdown files may be copied into the skill-git cache and reused in later scans or merges.
The scan workflow stores extracted rule text, paths, versions, and timestamps in a persistent local cache. This is purpose-aligned for faster checking and merging, but it persists excerpts from local skill instructions.
Evidence: Write ~/.skill-git/cache/<agent>/rules/<skill_name>.json ... "rules": [ ... ]
Recommendation: Avoid putting secrets in skill markdown, review or delete ~/.skill-git/cache when needed, and treat cached rules from untrusted skills as untrusted input.
Finding 4: Running init will execute local package code and create or modify git repositories in the selected agent's skill directories.
Initialization delegates to a bundled shell script that scans and modifies local skill directories. This is disclosed and central to the purpose, but users should understand that installing the skill enables local shell execution.
Evidence: Run: bash "${CLAUDE_PLUGIN_ROOT}/scripts/sg-init.sh" -a <agent> [--project]
Recommendation: Inspect the helper script before first use and make sure git and jq are installed from trusted sources.
