Plugin v1.0.0

ClawScan security

Git Tools · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 29, 2026, 8:33 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, commands, and resource access align with its stated purpose of managing git repositories in the workspace; no incoherent or unexplained privileges were found.
Guidance
This plugin appears to do what it says: scan repos, run pre-push checks, and clone/pull repos. Before installing, consider: (1) cloning and pulling are network operations and will use any SSH keys or credential helpers available in the container, so only pass URLs you trust; (2) the skill sets the global git option pull.rebase = true inside the container (the effect of `git config --global pull.rebase true`), which changes pull behavior for every repository there, not just the ones it manages; (3) the plugin reads repository contents under the workspace/repos path (file names and diffs), so do not place secrets there. If those behaviors are acceptable, the skill is coherent with its stated purpose.
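The three guidance points above amount to a pre-install audit: which credentials git would use implicitly in the container, whether pull.rebase is already set globally, and whether a clone/pull URL points at a host you trust. The script below is an added example, not ClawScan output or the Git Tools plugin's own code. It parses a constructed stand-in for ~/.gitconfig (written to a temp file, so it runs offline and without git installed), counts credential helpers, reads pull.rebase, and checks clone URLs against a constructed allowlist; the allowlist hosts and the sample config values are assumptions.

```shell
#!/bin/sh
# Added example: audit the implicit git credential surface and allowlist clone URLs
# before installing a git-management plugin. Not part of ClawScan or the plugin.

# Constructed stand-in for the container's ~/.gitconfig (sample values are assumptions).
CFG=$(mktemp)
cat > "$CFG" <<'EOF'
[user]
    name = dev
[credential]
    helper = store
[credential "https://github.com"]
    helper = !gh auth git-credential
[pull]
    rebase = true
EOF

# gitconfig_get FILE SECTION KEY: print the value of KEY inside [SECTION].
# SECTION is written as it appears in the file, e.g. pull or credential "https://github.com".
gitconfig_get() {
  awk -v want="[$2]" -v key="$3" '
    /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*/, "", sec); sub(/[ \t]*$/, "", sec); next }
    sec == want {
      line = $0; sub(/^[ \t]*/, "", line)
      n = index(line, "=")
      if (n > 0) {
        k = substr(line, 1, n - 1); gsub(/[ \t]/, "", k)
        if (k == key) { v = substr(line, n + 1); sub(/^[ \t]*/, "", v); sub(/[ \t]*$/, "", v); print v }
      }
    }' "$1"
}

# count_credential_helpers FILE: number of helper= lines under any [credential...] section.
# Every one of these runs implicitly when the plugin clones or pulls over HTTPS.
count_credential_helpers() {
  awk '
    /^[ \t]*\[/ { incred = ($0 ~ /^[ \t]*\[credential/); next }
    incred && /^[ \t]*helper[ \t]*=/ { n++ }
    END { print n + 0 }' "$1"
}

# url_host URL: print the host of an https://, ssh:// or scp-style (git@host:path) URL.
# Local paths and other forms return 1 so they are never treated as trusted.
url_host() {
  case "$1" in
    *://*) h="${1#*://}"; h="${h%%/*}"; h="${h##*@}"; h="${h%%:*}"; printf '%s\n' "$h" ;;
    *@*:*) h="${1#*@}"; printf '%s\n' "${h%%:*}" ;;
    *) return 1 ;;
  esac
}

# Constructed allowlist (assumption): hosts the operator is willing to let the plugin reach.
TRUSTED_HOSTS="github.com gitlab.example.internal"

# url_trusted URL: succeed only if the URL's host is in TRUSTED_HOSTS.
url_trusted() {
  host=$(url_host "$1") || return 1
  for t in $TRUSTED_HOSTS; do
    [ "$host" = "$t" ] && return 0
  done
  return 1
}

# Report, as a human would read it before approving the install.
echo "credential helpers configured: $(count_credential_helpers "$CFG")"
echo "global pull.rebase: $(gitconfig_get "$CFG" pull rebase)"
for u in 'git@github.com:org/repo.git' 'https://evil.example.com/org/repo.git' '/tmp/local-repo'; do
  if url_trusted "$u"; then echo "allow  $u"; else echo "reject $u"; fi
done
```

If the global pull.rebase side effect is unwanted, the same behavior can be scoped to a single command with `git -c pull.rebase=true pull`, or to one repository with `git config --local`, instead of the container-wide setting the plugin writes.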

Review Dimensions

Purpose & Capability
ok · Name/description match the implementation: commands implement repo checks, scanning, cloning and pulling. Declared requirements (git CLI) and the repo root layout match the code's behavior. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
note · Runtime instructions and code operate on the workspace repos directory (default /root/.openclaw/workspace/repos) and run only git operations (diff, status, log, pull, clone). This is consistent with the stated scope. Note: the skill will clone/pull arbitrary Git URLs provided by the user (network activity) and will inspect repository contents (including file names and diffs), which is expected for a git-management tool.
Install Mechanism
ok · No install spec; it is delivered as plugin code (TypeScript + helper scripts) to be executed by the platform. No external download URLs or archive extraction are used.
Credentials
note · The skill requests no environment variables or secrets. It does read process.env.OPENCLAW_HOME, if present, to locate the workspace, which is reasonable. Be aware that git operations will implicitly use any SSH keys or credential helper/config present in the container (e.g., ~/.ssh, global git config) when performing network operations; this is expected but worth noting.
Persistence & Privilege
note · always:false, and commands require explicit invocation (requireAuth:true). The skill does modify container-global git config (sets pull.rebase = true), which alters git behavior for every repository in the container; this is a modest side effect but consistent with its sync functionality.