Finishing a Development Branch
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could choose to create a pull request and still have their local worktree removed because the instructions conflict.
The same PR workflow both includes and excludes worktree cleanup. Since cleanup runs a command that removes a worktree path, the agent may remove a local checkout unexpectedly after the user only chose to push and create a PR.
Option 2: "Then: Cleanup worktree (Step 5)" ... "For Options 1, 2, 4" ... "git worktree remove <worktree-path>" ... but later: "Fix: Only cleanup for Options 1 and 4"
Clarify whether Option 2 keeps or removes the worktree, scope cleanup to the original feature worktree, and require explicit user confirmation before any worktree removal.
If the wrong remote, branch, or GitHub account is active, the agent could publish code or open a PR in the wrong place.
The PR option uses the user’s authenticated Git remote and GitHub CLI context to push code and create a pull request. This is purpose-aligned, but it relies on the user’s account authority.
git push -u origin <feature-branch> ... gh pr create --title "<title>"
Before choosing the PR option, verify the repository remote, branch name, and authenticated GitHub account.