Description

Perform common Git operations like status, commit, push, pull, branch management, and merge with safety checks and dry-run support.

README (SKILL.md)

Git Manager Skill

Name: Git Manager
Author: liyico

This skill safely executes common Git commands. It wraps git CLI with additional safety checks and structured output.

Capabilities

status - Show working tree status
commit - Stage changes and commit (with message)
push - Push to remote
pull - Pull from remote (rebase or merge)
branch - Create, list, delete branches
checkout - Switch branches
merge - Merge branches
stash - Stash/apply changes
log - Show commit history
diff - Show changes

Safety Features

No force push by default (--force must be explicit)
Protected branches: Cannot delete or commit directly to main/master/production
Dry-run mode: Preview operations before execution
Auto-commit message quality check (LLM can improve messages)
All operations logged to ~/.openclaw/logs/git-manager.log

When to Use

User says:

"查看Git状态"
"提交代码"
"推送到远程仓库"
"拉取最新代码"
"创建新分支"
"合并分支"
"查看提交历史"

Invocation

# Status
git-manager --action status --repo /path/to/repo

# Commit all changes
git-manager --action commit --repo /path/to/repo --message "feat: add user auth"

# Commit specific files
git-manager --action commit --repo /path/to/repo --files [file1,file2] --message "fix: bug in payment"

# Push
git-manager --action push --repo /path/to/repo --branch feature-xyz

# Pull
git-manager --action pull --repo /path/to/repo --branch main

# Create branch
git-manager --action branch --repo /path/to/repo --create new-branch --from main

# Checkout
git-manager --action checkout --repo /path/to/repo --branch feature-xyz

# Diff
git-manager --action diff --repo /path/to/repo --files [file1]

Output Format

JSON with fields:

success: boolean
output: string (raw git output)
error: string (if failed)
changed_files: array (for commit)
commit_sha: string (after commit)
branch: current branch

Example:

{
  "success": true,
  "action": "commit",
  "commit_sha": "abc123def",
  "changed_files": ["src/auth.py", "tests/test_auth.py"],
  "output": "[main abc123] feat: add user auth\
 2 files changed, 45 insertions(+)"
}

Configuration via Environment

GIT_MANAGER_LOG: path to activity log (default ~/.openclaw/logs/git-manager.log)
GIT_MANAGER_DRY_RUN: set "1" to default to dry-run
GIT_MANAGER_PROTECTED_BRANCHES: comma-separated list (default main,master,production)

Integration with OpenClaw

When used from a developer role session:

Automatically respects the session's cwd as the repo if --repo not provided
Can chain operations: status -> commit -> push in one go
Suggest commit messages based on git diff (if --message omitted)

Examples in OpenClaw Sessions

# Developer session
sessions_spawn(
  task="提交刚才修改的登录页面样式",
  config="configs/developer.yaml",
  attachments=[]
)
# The skill will: git add . && git commit -m "style: improve login page" && git push

Limitations

Does not handle merge conflicts automatically (requires human)
No rebase interactive (complex history edits)
Assumes standard Git flow (no custom hooks)
SSH keys must be pre-configured for push/pull

Troubleshooting

Issue	Check
Permission denied (publickey)	SSH agent running? `ssh-add -l`
Not a git repository	`--repo` path correct?
Branch protected	Cannot commit to main; create feature branch first
Merge conflict	Resolve manually; skill only detects conflict

Future Enhancements

PR creation via GitHub CLI (gh pr create)
Auto-version bump based on commit messages (semantic-release)
Branch cleanup (delete merged branches)

Usage Guidance

This skill claims to wrap git safely, but the package is missing the scripts it expects and index.ts runs a hard-coded script in /Users/nico/... that isn't included. That means you cannot verify what will actually run. Before installing or enabling this skill: 1) Do not run it on sensitive repositories. 2) Ask the publisher for the missing script sources (scripts/git-manager, scripts/git_manager.py, and the shell scripts referenced) and inspect them for arbitrary shell commands or network calls. 3) Require that the package be self-contained (no hard-coded absolute paths) and that environment variables and filesystem permissions in the manifest match SKILL.md. 4) If you must use it temporarily, run it in a sandboxed account or container with limited repository access and no private SSH keys. These inconsistencies make the skill suspicious until the missing scripts and manifest mismatches are resolved.

Capability Analysis

Type: OpenClaw Skill Name: git-manager Version: 1.0.0 The skill contains a critical shell injection vulnerability in `index.ts` where unsanitized user inputs (such as `message` and `repo`) are concatenated into a command string executed via `child_process.exec`. Additionally, `index.ts` relies on a hardcoded absolute path to a specific user's directory (`/Users/nico/...`), which is highly irregular for a portable skill bundle and suggests either environment-specific configuration or potential tampering. There is also a discrepancy between the main entry point defined in `skill.json` and the script actually invoked in the code.

Capability Assessment

⚠ Purpose & Capability

The skill claims to be a git CLI wrapper (status, commit, push, pull, branch, etc.), which aligns with its name. However, the runtime code executes an external script at an absolute user-specific path (/Users/nico/.openclaw/workspace/skills/git-manager/scripts/git-manager) that is not included in the package. skill.json references different script names (scripts/git_manager.py, various shell scripts) that also are not present. Requiring execution of an external, missing script at a hard-coded path is disproportionate and not justified by the description.

⚠ Instruction Scope

SKILL.md describes direct use of the git CLI and local repo operations and lists environment variables for configuring logs/dry-run/protected branches. The actual runtime (index.ts) delegates to an external script and passes args via child_process.exec. The SKILL.md does not mention the external script path or behavior of that script. SKILL.md also claims integration with session cwd, but the code calls a specific absolute script path, creating a mismatch and granting broad discretion to the external script (which is not visible).

⚠ Install Mechanism

There is no install spec, and no included scripts under scripts/ even though skill.json and index.ts expect them. The code will try to execute a non-included binary at a hard-coded absolute path. That is high-risk: the runtime depends on external artifacts not packaged with the skill, making behavior unpredictable and possibly executing arbitrary code if that path exists or is later created.

⚠ Credentials

The registry metadata lists no required env vars, but SKILL.md documents GIT_MANAGER_LOG, GIT_MANAGER_DRY_RUN, and GIT_MANAGER_PROTECTED_BRANCHES. skill.json also grants filesystem read/write to ~/.openclaw/workspace/**. The mismatch between declared requirements and the environment vars the instructions expect is a red flag. Access to the workspace and executing external scripts is more privilege than a minimal Git helper strictly requires, especially given the missing script contents.

ℹ Persistence & Privilege

The skill is not marked always:true and uses standard autonomous invocation. It logs to ~/.openclaw/logs and skill.json requests read/write under ~/.openclaw/workspace/** which is expected for a workspace-oriented git helper. This is not an immediate privilege escalation, but combined with the external script execution it increases the surface area: an executable in the workspace could be run with the agent's permissions.

Version History

v1.0.0

Initial release of git-manager skill. - Safely execute common Git operations: status, commit, push, pull, branch, checkout, merge, stash, log, diff. - Safety features: prevents force push by default, protects main/master/production branches, supports dry-run, logs all actions. - Structured JSON output for all actions, useful for automation and integration. - Commit message quality checks and suggestions included. - Configurable via environment variables. - Easily integrates with OpenClaw developer sessions, supports chained operations and auto-suggested commit messages. - Limitations: no automatic merge conflict resolution or interactive rebase; SSH setup required for push/pull.

Metadata

Slug git-manager

Version 1.0.0

License MIT-0

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is Git Manager?

Perform common Git operations like status, commit, push, pull, branch management, and merge with safety checks and dry-run support. It is an AI Agent Skill for Claude Code / OpenClaw, with 196 downloads so far.

How do I install Git Manager?

Run "/install git-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Git Manager free?

Yes, Git Manager is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Git Manager support?

Git Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Git Manager?

It is built and maintained by liyico (@liyico); the current version is v1.0.0.

More Skills

Git Manager