by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears to do what it says: stage and create a single non-amended commit. Before installing or running it, ensure the agent environment has git available and that you are comfortable allowing the agent to modify the repository (it needs write access). Because the package is instruction-only and the provenance points to a source file name but there's no code to inspect, you should: (1) verify the agent's actual runtime commands when first invoked (have it show the git commands it inten...详细分析 ▾
ℹ 用途与能力
The skill's name and description match its instructions: staging, drafting a message, and creating a non-interactive commit. Minor mismatch: the skill does not declare that the 'git' binary is required, yet the workflow implicitly needs git and write access to the repository.
✓ 指令范围
SKILL.md stays within scope: it instructs the agent to inspect repo state (diff, status, branch), stage relevant changes, craft a message, and commit. It explicitly forbids amending, bypassing hooks, and committing secrets. There are no instructions to read unrelated system files or send data externally.
✓ 安装机制
No install spec and no code files are present (instruction-only). This minimizes installation risk — nothing will be downloaded or written by the skill itself.
✓ 凭证需求
The skill requires no environment variables, credentials, or config paths. Its needs (repository read/write access and a git binary at runtime) are proportionate to the stated purpose.
✓ 持久化与权限
The skill does not request always:true or other elevated persistence. It is user-invocable and can be invoked autonomously per platform default, which is expected for a commit workflow skill.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/1
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install claude-code-git-commit-workflow
镜像加速npx clawhub@latest install claude-code-git-commit-workflow --registry https://cn.longxiaskill.com