← Back to Skills Marketplace
Shadows Smart Commit
by
NakedoShadow
· GitHub ↗
· v1.1.0
276
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install shadows-smart-commit
Description
Intelligent git commit assistant — analyzes diffs, enforces conventional commits, detects secrets, generates meaningful messages. Use when committing code ch...
Usage Guidance
This skill appears to do what it says (analyze diffs, enforce conventional commits, run a local grep-based secret scan) and has low installation impact, but please consider the following before installing or invoking it: 1) Git hooks: commits can trigger local hooks (pre-commit, commit-msg, post-commit) which may execute arbitrary scripts, possibly including network calls or data exfiltration; the skill does not check for hooks — inspect .git/hooks and any hook frameworks (pre-commit, husky) in your repo before using. 2) Secret handling: the secret scan echoes matched lines to terminal output; if you run this in terminals with shared logging, CI, or telemetry, secrets may be exposed — run in a secure local terminal or enhance scanning with a vetted tool (gitleaks/trufflehog) for higher assurance. 3) Metadata mismatch: SKILL.md contains a homepage URL while the registry shows none; if provenance matters, verify the publisher/site before trusting. 4) Test first: try the instructions in a disposable repository to confirm behavior (and to check for unexpected hooks). If you need strict guarantees about network isolation or secret handling, prefer a vetted binary/toolchain or expand the workflow to detect and neutralize hooks and to avoid printing secret values.
Capability Analysis
Type: OpenClaw Skill
Name: shadows-smart-commit
Version: 1.1.0
The 'smart-commit' skill is a legitimate utility designed to assist with git operations by enforcing security scans and conventional commit standards. It uses standard git commands and grep-based patterns in SKILL.md to detect secrets and sensitive files (e.g., .env, .pem) before committing, and explicitly forbids risky practices like 'git add .'. No evidence of data exfiltration, network access, or malicious intent was found.
Capability Assessment
Purpose & Capability
Name/description align with required artifacts: the skill is instruction-only and only requires git, which is appropriate for a commit assistant. Minor metadata inconsistency: the registry entry lists no homepage, but SKILL.md metadata includes a homepage URL (https://clawhub.ai/NakedoShadow). This mismatch is likely benign but should be confirmed with the publisher.
Instruction Scope
The SKILL.md stays within commit-related operations (status, diff, staging, commit message generation) and mandates a local grep-based secret scan. However it explicitly states "No network access" yet does not address git hooks (pre-commit/post-commit/hooks can run arbitrary scripts which may perform network activity). The secret-scan prints matched lines to the terminal — that may expose secrets to terminal output and any attached logging/telemetry if run in automated environments. The instructions do caution users to run in a secure terminal, but they do not instruct the agent to detect or warn about commit hooks or CI environments.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal surface area and nothing written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. The scope of requested access (git on PATH) is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill declares it is stateless with no persistence. It does not request elevated or permanent privileges. Autonomous model invocation is enabled by default but not a standalone concern here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install shadows-smart-commit - After installation, invoke the skill by name or use
/shadows-smart-commit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
HIGH TRUST upgrade: added PREREQUISITES, SECURITY CONSIDERATIONS, homepage, concrete instructions
v1.0.0
Smart Commit 1.0.0 — initial release!
- Automates intelligent git commits by analyzing diffs and enforcing conventional commit formats.
- Mandatory security scans detect secrets and sensitive files before any commit.
- Stages files explicitly, never with globbing (e.g., no `git add .`), and groups related changes logically.
- Generates meaningful commit messages focused on intent, always following Conventional Commits style.
- Provides detailed output, including detected changes, security check results, staging lists, and proposed commit message.
- Strictly follows git best practices (no force-push on main, no amend by default, never skipping hooks).
Metadata
Frequently Asked Questions
What is Shadows Smart Commit?
Intelligent git commit assistant — analyzes diffs, enforces conventional commits, detects secrets, generates meaningful messages. Use when committing code ch... It is an AI Agent Skill for Claude Code / OpenClaw, with 276 downloads so far.
How do I install Shadows Smart Commit?
Run "/install shadows-smart-commit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Shadows Smart Commit free?
Yes, Shadows Smart Commit is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Shadows Smart Commit support?
Shadows Smart Commit is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created Shadows Smart Commit?
It is built and maintained by NakedoShadow (@nakedoshadow); the current version is v1.1.0.
More Skills