by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears to do what it says: run locally, find the repository that contains the given commit(s), and print repository context and a limited patch for human review. Before running: (1) Prefer invoking it from inside the target repo or set COMMIT_REVIEWER_WORK_ROOT to a narrow workspace to avoid scanning your entire home directory; (2) be aware the output includes remote URLs and commit author emails — don't run it against private/sensitive repos unless you trust the environment; (3) the...详细分析 ▾
✓ 用途与能力
Name/description ask for checking git commits; required binaries (git, bash, find, sed, grep, sort) and the provided script implement scanning repos and printing commit diffs and metadata — all necessary and proportionate to the stated purpose.
ℹ 指令范围
SKILL.md and the entrypoint script limit analysis to repository data and diffs, and correctly require a user-provided bug description before drawing conclusions. Note: the script scans a work root for repositories and prints repository context including remote URLs and commit author info, which may expose sensitive repository metadata if run against a large or unexpected filesystem root.
✓ 安装机制
No install spec; instruction-only with a bundled shell script. This is lowest-risk installation surface — the script runs locally and nothing is downloaded from external URLs.
ℹ 凭证需求
No secrets or credentials required. Optional environment variables (COMMIT_REVIEWER_WORK_ROOT, COMMIT_REVIEWER_SCAN_DEPTH, COMMIT_REVIEWER_PATCH_LINES) are appropriate. Be aware that the script reads the filesystem (work root) and the HOME expansion — scanning an entire home/workspace may reveal many repos and metadata.
✓ 持久化与权限
Skill is not marked always:true and doesn't modify system or other skills. It runs as an on-demand script and does not request persistent privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.1.02026/3/20
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install commit-reviewer
镜像加速npx clawhub@latest install commit-reviewer --registry https://cn.longxiaskill.com