← Back to Skills Marketplace
montycn

Git Delegation Management

by Monty · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
171
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install git-delegation-management
Description
Execute any git command on behalf of Workers without credentials by processing their git-request messages and managing workspace synchronization safely.
README (SKILL.md)

Git Delegation Management

This skill enables the Manager to execute any git operation on behalf of Workers. Workers cannot access git credentials, so they delegate all git operations to the Manager.

Prerequisites

The Manager has access to:

  • Host's .gitconfig via /host-share/.gitconfig (symlinked to /root/.gitconfig)
  • Git credentials (SSH keys, credential helpers) configured on the host

This allows git operations to use the correct author name, email, and authentication.

Handling git-request: Messages

When a Worker sends a message containing git-request::

task-{task-id} git-request:
workspace: /root/hiclaw-fs/shared/tasks/{task-id}/workspace/{repo-name}
operations:
  - git clone https://github.com/org/repo.git
  - git checkout -b feature-auth
  - git add .
  - git commit -m "feat: add authentication"
  - git push origin feature-auth
---CONTEXT---
{description of what they're trying to accomplish}
---END---

Extract:

  • task-id: Task identifier
  • workspace: Path to work in (for clone: parent directory; for other ops: repo directory)
  • operations: List of git commands to execute (literally what to run)
  • context: (Optional) What the Worker is trying to accomplish

Execution Flow

1. Sync and Check Processing Marker

task_id="task-YYYYMMDD-HHMMSS"
workspace="/root/hiclaw-fs/shared/tasks/${task_id}/workspace/{repo-name}"

# Sync from MinIO
mc mirror "hiclaw/hiclaw-storage/shared/tasks/${task_id}/" \
  "/root/hiclaw-fs/shared/tasks/${task_id}/"

# Check for processing marker
bash /opt/hiclaw/agent/skills/task-coordination/scripts/check-processing-marker.sh "$task_id"
if [ $? -ne 0 ]; then
    # Respond with git-failed: explaining the conflict
    exit 1
fi

# Create processing marker
bash /opt/hiclaw/agent/skills/task-coordination/scripts/create-processing-marker.sh "$task_id" "manager" 15

2. Execute Git Commands

Navigate to the workspace and execute the git commands:

cd "$workspace"

# Execute each git command
git clone https://github.com/org/repo.git
git checkout -b feature-auth
# ... etc

# Log output for debugging

You know how to use git. Execute the commands the Worker requests. If something goes wrong (merge conflict, authentication failure, etc.), handle it appropriately.

3. Cleanup and Respond

# Remove processing marker
bash /opt/hiclaw/agent/skills/task-coordination/scripts/remove-processing-marker.sh "$task_id"

# Sync to MinIO
mc mirror "/root/hiclaw-fs/shared/tasks/${task_id}/" \
  "hiclaw/hiclaw-storage/shared/tasks/${task_id}/" --overwrite

On success — send to Worker:

@{worker}:DOMAIN task-{task-id} git-result:
Git operations completed successfully.
{Summary of what was done - commits, pushes, branches created, etc.}
Run `bash /opt/hiclaw/agent/skills/file-sync/scripts/hiclaw-sync.sh` to sync.

On failure — send to Worker:

@{worker}:DOMAIN task-{task-id} git-failed:
Git operation failed: {error message}
{Suggestion for how to fix it, if applicable}

What Operations Can Be Delegated

Any git operation, including but not limited to:

Category Commands
Repository git clone, git init
Branches git branch, git checkout, git switch
Remote git remote, git fetch, git pull, git push
Commits git add, git commit, git reset, git revert
History git log, git show, git diff
Rebase git rebase, git rebase -i
Cherry-pick git cherry-pick
Merge git merge
Stash git stash
Tags git tag
Submodules git submodule
Config git config (local to repo)

If git can do it, the Worker can delegate it.

Error Handling

When git operations fail:

  1. Read the error message and understand what went wrong
  2. Try to fix it if it's a simple issue (e.g., set upstream, configure user locally)
  3. Report to Worker if it requires their action (e.g., merge conflicts, rebasing decisions)
  4. Escalate to admin if it's a credential or permission issue

Common issues:

  • Merge conflicts → Ask Worker to resolve locally
  • Authentication failure → Check /host-share/.gitconfig and credential helper
  • Branch divergence → Worker may need to pull/rebase first

Integration with Task Coordination

Always use the .processing marker to prevent conflicts when both Worker and Manager might modify the workspace.

\x3C!-- hiclaw-builtin-end -->

Usage Guidance
Before installing or enabling this skill, verify and harden the execution environment: 1) Confirm the exact host files and credentials the skill needs (SSH keys, /host-share/.gitconfig, MinIO client config) and only grant the minimum required access. 2) Require the skill to declare required binaries (git, mc) and config paths and to enumerate any scripts it will call under /opt/hiclaw. 3) Do NOT allow the Manager to run arbitrary worker-supplied git commands unvalidated — insist on a safe policy (whitelist allowed commands, disallow network-pushed operations, restrict remotes, or require human approval for pushes and branch creation). 4) Run delegated operations in an isolated ephemeral environment (container or jailed workspace) that cannot access host secrets or unrelated files, and ensure git hooks and filters are disabled or sanitized. 5) Ensure MinIO credentials and mc usage are explicit and stored separately; audit and log all git operations and syncs. 6) If you cannot enforce these controls, treat the skill as too risky to enable. If you want the capability, request a revised skill that declares its dependencies, enforces command validation/whitelisting, and documents its security model.
Capability Analysis
Type: OpenClaw Skill Name: git-delegation-management Version: 1.0.0 The skill 'git-delegation-management' (SKILL.md) provides a mechanism for executing arbitrary git commands on behalf of other agents ('Workers') using the host's sensitive git credentials and SSH keys. It lacks any input validation or command sanitization, explicitly instructing the agent to execute 'any git operation' provided in a request. This design functions as a command execution proxy, allowing a potentially compromised worker to perform unauthorized repository actions or exploit git features (like hooks or config editors) to achieve shell access on the manager's environment.
Capability Assessment
Purpose & Capability
The skill's stated purpose (execute git operations on behalf of Workers) is coherent in principle, but SKILL.md assumes access to host git credentials (e.g. /host-share/.gitconfig and SSH keys), MinIO client (mc), and task-coordination scripts under /opt/hiclaw — none of these are declared in the registry metadata (no required binaries, no config paths, no env vars). The skill should explicitly declare those dependencies and required host access if they are necessary.
Instruction Scope
Instructions tell the Manager to execute the git commands 'literally what to run' provided by Workers, with no whitelist, sandboxing, or validation. The flow also instructs mirroring from and to MinIO and calling host scripts (/opt/hiclaw/...) and relies on git behaving safely. Running arbitrary git operations on repositories controlled by Workers (or remote URLs they request) can lead to code execution (through hooks, submodules, smudge/clean filters, git-config includes), credential leakage, and exfiltration. The instructions give broad discretion and do not limit or validate potentially dangerous operations.
Install Mechanism
This is an instruction-only skill with no install spec (low install-time risk). However, the runtime assumes the presence of 'git' and 'mc' and of specific coordination scripts on the host; those are runtime dependencies that should have been declared. Absence of a formal install spec means those dependencies will be satisified implicitly by the host, which increases operational uncertainty.
Credentials
The SKILL.md expects access to host git credentials and MinIO configuration, but the registry metadata lists no required environment variables, no primary credential, and no required config paths. This mismatch is disproportionate: a skill that performs host-authenticated git and MinIO sync should explicitly request and justify the corresponding credentials and config paths. The implicit need for host-level secrets (SSH keys, credential helpers, MinIO credentials) is a red flag.
Persistence & Privilege
always is false (good), but model invocation is allowed (normal). Combined with the skill's ability to run arbitrary git commands using host credentials and to call system scripts, autonomous invocation increases blast radius: an agent could be asked (or tricked) into performing harmful operations without further user review. The skill does not define safeguards (approval steps, command restrictions, or whitelists).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install git-delegation-management
  3. After installation, invoke the skill by name or use /git-delegation-management
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of git-delegation-management skill. - Allows Managers to execute any git operation on behalf of Workers who lack git credentials. - Handles `git-request:` messages to process git commands in shared workspaces. - Integrates with credential files and host `.gitconfig` for authenticated operations. - Uses processing markers to prevent workspace conflicts and ensures sync with MinIO storage. - Supports error handling and clear success/failure reporting to requesting Workers.
Metadata
Slug git-delegation-management
Version 1.0.0
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Git Delegation Management?

Execute any git command on behalf of Workers without credentials by processing their git-request messages and managing workspace synchronization safely. It is an AI Agent Skill for Claude Code / OpenClaw, with 171 downloads so far.

How do I install Git Delegation Management?

Run "/install git-delegation-management" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Git Delegation Management free?

Yes, Git Delegation Management is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Git Delegation Management support?

Git Delegation Management is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Git Delegation Management?

It is built and maintained by Monty (@montycn); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments