← Back to Skills Marketplace
neroagent

Git Workflows Advanced

by NeroAgent · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
85
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install git-workflows-advanced
Description
Advanced Git operations as tools: interactive rebase with autosquash, worktree management, reflog recovery, subtree/submodule handling, cherry-pick across fo...
README (SKILL.md)

Git Workflows Pro

Advanced Git operations wrapped as tools for OpenClaw agents. These are the operations you do rarely but need to be correct.

Why This Exists

Standard git skill covers add/commit/push/status. This skill covers everything else:

  • Interactive rebase (squash, reorder, edit, autosquash)
  • Worktrees for parallel development
  • Reflog recovery when you think you've lost commits
  • Subtrees for dependency management
  • PR creation with required human-written intent
  • Changelog generation

All based on battle-tested patterns from ClawHub's git-workflows and pr-commit-workflow.

Tools

git_rebase_interactive

Start an interactive rebase. Returns the todo list and guidance.

{
  "base": "HEAD~5",
  "autosquash": true
}

Response includes:

  • todo_list — the generated todo with current commit hashes and messages
  • instructions — how to edit, save, continue, abort

git_worktree_add

Create a new worktree for a branch, allowing simultaneous work on multiple branches without cloning.

{
  "branch": "feature/new-ui",
  "path": "/path/to/worktrees/new-ui"
}

Creates directory, checks out branch. Returns new worktree path.

git_reflog_recover

List reflog entries or restore a lost commit.

List:

{ "action": "list" }

Restore:

{
  "action": "restore",
  "commit_hash": "abc123",
  "target_branch": "main"
}

Creates a new branch at that commit or updates existing.

git_subtree_add

Add another repository as a subtree under a prefix.

{
  "repo_url": "https://github.com/user/lib.git",
  "prefix": "vendor/lib",
  "branch": "main"
}

Runs git subtree add --prefix.

git_pr_create

Create a PR on GitHub. Requires human-written title and body (no generation). Uses gh CLI.

{
  "title": "Add input validation to user model",
  "body": "This fixes the issue where users could submit empty forms. The validation checks for null and empty strings.\
\
Testing: Added unit tests for edge cases.",
  "head": "feature/input-validation",
  "base": "main",
  "draft": false
}

Returns PR URL and number.

git_changelog_generate

Generate a markdown changelog between two tags or from last tag to HEAD.

{
  "from_tag": "v1.2.0",
  "to_tag": "v1.3.0",
  "output_format": "markdown"
}

Outputs grouped commits by type (feat, fix, breaking) if conventional commits used.

Prerequisites

  • Git installed
  • GitHub CLI (gh) for PR creation
  • Authenticated with gh auth login

Usage

All tools are invoked via the registry:

tool("git-workflows-pro", "git_rebase_interactive", {"base": "HEAD~10", "autosquash": true})
tool("git-workflows-pro", "git_worktree_add", {"branch": "feature/foo", "path": "./worktrees/foo"})
tool("git-workflows-pro", "git_pr_create", {"title": "...", "body": "...", "head": "my-branch"})

Safety

  • Interactive rebase returns todo but does NOT execute; agent must apply changes manually
  • PR creation requires explicit human-written title/body (no autogeneration)
  • All destructive operations (subtree, reflog restore) print warnings and require additional flag if truly dangerous (not yet implemented)

Future

  • Add git_bisect_start, git_bisect_run
  • Add git_cherry_pick_across_fork for cross-repo pick
  • Add git_merge_conflict_resolution strategies
  • Add MCP server for Git operations (read-only)

License

Commercial. $49 one-time. Includes lifetime updates.

Patterns from ClawHub's git-workflows, pr-commit-workflow, and agent-harness-architect.

Usage Guidance
This skill appears to implement the advanced Git features it claims, but the Python runtime composes shell commands from user inputs and calls them with shell=True. That can allow arbitrary command execution (command injection) if a malicious or malformed branch name, path, repo URL, PR title/body, or commit hash is passed. Before installing or running: - Review and/or fix scripts/run.py: avoid shell=True and use subprocess.run(list_of_args) or properly escape/validate all inputs. Validate repo_url, branch names, paths, and sanitize PR title/body. - Test the skill in an isolated environment or container on non-sensitive repositories. - Ensure the GH CLI is authenticated with a limited-scope account (not your personal/org admin account). - If you cannot audit/fix the code, treat this as untrusted: do not run it on production or sensitive repositories. If the maintainer provides a version that removes shell=True and uses safe argument passing (or otherwise documents robust input sanitization), the main technical concern would be resolved and the assessment could change to benign.
Capability Analysis
Type: OpenClaw Skill Name: git-workflows-advanced Version: 1.0.0 The skill bundle contains critical shell injection vulnerabilities across all tools in `scripts/run.py`. The code uses `subprocess.run(shell=True)` combined with unvalidated f-string command construction for user-supplied inputs like branch names, commit hashes, and PR bodies (e.g., in `git_pr_create` and `git_subtree_add`). While the tools' functionality aligns with the stated purpose of advanced Git management and no explicit evidence of intentional malice (like data exfiltration) was found, the pervasive lack of input sanitization poses a high risk of Remote Code Execution (RCE).
Capability Assessment
Purpose & Capability
Name/description match the provided code and instructions: the SKILL.md and scripts/run.py implement interactive rebase listing, worktree management, reflog restore, subtree add, PR creation via gh, and changelog generation. No unrelated binaries or credentials are requested.
Instruction Scope
SKILL.md confines actions to Git workflows and warns about destructive operations, but the runtime code (scripts/run.py) constructs shell commands via Python f-strings and calls subprocess.run(..., shell=True) with user-supplied values (branch, path, repo_url, title, body, commit hashes). That permits shell injection if inputs contain shell metacharacters; SKILL.md does not document input sanitization or escaping. This is scope-appropriate functionality but with significant unsafe implementation choices.
Install Mechanism
Instruction-only skill plus a small Python script; no install spec, no downloads. Lowest-risk install footprint.
Credentials
No environment variables or credentials are requested by the skill. PR creation requires the user to have the GitHub CLI authenticated (documented in SKILL.md), which is a reasonable prerequisite.
Persistence & Privilege
Skill does not request always:true and does not modify other skills or system-wide agent settings. Tool permissions in SKILL.md mark destructive actions as danger_full_access, which is appropriate for Git operations that can rewrite history.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install git-workflows-advanced
  3. After installation, invoke the skill by name or use /git-workflows-advanced
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — advanced git: interactive rebase, worktree, reflog recovery, subtree, PR creation, changelog
Metadata
Slug git-workflows-advanced
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Git Workflows Advanced?

Advanced Git operations as tools: interactive rebase with autosquash, worktree management, reflog recovery, subtree/submodule handling, cherry-pick across fo... It is an AI Agent Skill for Claude Code / OpenClaw, with 85 downloads so far.

How do I install Git Workflows Advanced?

Run "/install git-workflows-advanced" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Git Workflows Advanced free?

Yes, Git Workflows Advanced is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Git Workflows Advanced support?

Git Workflows Advanced is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Git Workflows Advanced?

It is built and maintained by NeroAgent (@neroagent); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments