← Back to Skills Marketplace
commit-message-linter
by
charlie-morrison
· GitHub ↗
· v1.0.0
· MIT-0
80
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install commit-message-linter
Description
Validate git commit messages against Conventional Commits spec and configurable rules. Use when linting commit messages, enforcing commit conventions, checki...
README (SKILL.md)
Commit Message Linter
Validate commit messages against Conventional Commits and custom rules. Pure Python, no dependencies.
Quick Start
# Lint last commit
python3 scripts/lint_commits.py
# Lint last 5 commits
python3 scripts/lint_commits.py --range HEAD~5..HEAD
# Lint a branch
python3 scripts/lint_commits.py --range main..feature-branch
# Lint a single message
python3 scripts/lint_commits.py --message "feat: add login"
# Read from stdin (git commit-msg hook)
python3 scripts/lint_commits.py --stdin \x3C .git/COMMIT_MSG
# Read from file
python3 scripts/lint_commits.py --file .git/COMMIT_MSG
Output Formats
python3 scripts/lint_commits.py --format text # human-readable (default)
python3 scripts/lint_commits.py --format json # CI/tooling
python3 scripts/lint_commits.py --format markdown # reports
Configuration
Generate default config:
python3 scripts/lint_commits.py init
Creates .commitlintrc.json. Also auto-discovers .commitlintrc or commitlint.config.json.
Key config options:
header_max_length(72) — max header charsrequire_conventional(true) — enforce\x3Ctype>[scope]: \x3Cdesc>formattypes— allowed types (feat, fix, docs, style, refactor, perf, test, build, ci, chore, revert)scopes— allowed scopes (empty = any)require_scope(false) — mandate scoperequire_body(false) — mandate bodyheader_case— description start case: lower/upper/sentence/anyno_trailing_period(true) — reject trailing period on headerforbidden_patterns— regex patterns that reject commitsrequired_patterns— regex patterns that must match--strictflag treats warnings as errors
Rules Reference
| Rule | Level | Description |
|---|---|---|
| header-empty | error | Empty header |
| header-max-length | error | Header exceeds max length |
| header-min-length | warning | Header below min length |
| conventional-format | error | Not Conventional Commits format |
| type-enum | error | Type not in allowed list |
| scope-required | error | Missing required scope |
| scope-enum | error | Scope not in allowed list |
| description-empty | error | Empty description |
| description-case | warning | Wrong description case |
| header-no-period | warning | Trailing period |
| header-leading-whitespace | error | Leading whitespace |
| header-trailing-whitespace | warning | Trailing whitespace |
| body-separator | error | No blank line before body |
| body-required | warning | Missing required body |
| body-line-length | warning | Body line too long |
| body-max-lines | warning | Too many body lines |
| breaking-change-description | warning | Breaking ! without BREAKING CHANGE: in body |
| forbidden-pattern | error | Matches forbidden regex |
| required-pattern | warning | Doesn't match required regex |
Exit Codes
0— all commits pass (warnings OK unless--strict)1— errors found (or warnings with--strict)2— git/system error
CI Integration (Git Hook)
As commit-msg hook (.git/hooks/commit-msg):
#!/bin/sh
python3 path/to/lint_commits.py --file "$1" --strict
Auto-ignored: merge commits, reverts, version tags, "Initial commit".
Usage Guidance
This skill appears to do exactly what it says: lint commit messages and optionally write a local config file. Before installing or adding it as a commit hook: (1) inspect the included scripts (already provided) to confirm they meet your policies; (2) run it in a test repository first to see what it writes (init will create .commitlintrc.json); (3) avoid running hooks on repositories that contain secrets you don't want processed by third-party tools; and (4) ensure python3 is the interpreter you expect. If you want extra assurance, run the script in a sandboxed repo to observe behavior. Confidence is high based on the provided SKILL.md and script (no network/credential use detected).
Capability Analysis
Type: OpenClaw Skill
Name: commit-message-linter
Version: 1.0.0
The skill is classified as suspicious due to a potential argument injection vulnerability in `scripts/lint_commits.py`. The script passes the user-controlled `--range` argument directly to a `git log` subprocess call without sanitization. This could allow an attacker to inject git command-line options, such as `--output` to overwrite files or `--ext-diff` to execute arbitrary commands. While the code's logic is aligned with its stated purpose of linting commit messages, the lack of input validation on system calls constitutes a security flaw.
Capability Assessment
Purpose & Capability
Name/description match the code and instructions: the script lints commit messages, reads commits via 'git log' or .git/COMMIT_MSG, and can generate a .commitlintrc.json. No unrelated capabilities or credentials are requested.
Instruction Scope
SKILL.md and the script stay within scope: running the linter on commits/branches/messages, installing a commit-msg hook, and initializing a local config. The script reads repository files and config files it auto-discovers; it does not instruct reading unrelated system files or sending data externally.
Install Mechanism
No install spec (instruction-only) and the included script is pure Python with no external dependencies. This is low-risk and proportionate for the stated purpose.
Credentials
The skill requires no environment variables, no external credentials, and does not access network endpoints. It uses subprocess to call 'git', which is expected for a git-centric tool.
Persistence & Privilege
always is false and the skill is user-invocable. The only persistence behavior is creating a local .commitlintrc.json when the user runs the init command, which is appropriate for a linter.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install commit-message-linter - After installation, invoke the skill by name or use
/commit-message-linter - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is commit-message-linter?
Validate git commit messages against Conventional Commits spec and configurable rules. Use when linting commit messages, enforcing commit conventions, checki... It is an AI Agent Skill for Claude Code / OpenClaw, with 80 downloads so far.
How do I install commit-message-linter?
Run "/install commit-message-linter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is commit-message-linter free?
Yes, commit-message-linter is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does commit-message-linter support?
commit-message-linter is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created commit-message-linter?
It is built and maintained by charlie-morrison (@charlie-morrison); the current version is v1.0.0.
More Skills