← 返回 Skills 市场

commit-message-linter

Name: commit-message-linter
Author: charlie-morrison

作者 charlie-morrison · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install commit-message-linter

功能描述

Validate git commit messages against Conventional Commits spec and configurable rules. Use when linting commit messages, enforcing commit conventions, checki...

使用说明 (SKILL.md)

Commit Message Linter

Validate commit messages against Conventional Commits and custom rules. Pure Python, no dependencies.

Quick Start

# Lint last commit
python3 scripts/lint_commits.py

# Lint last 5 commits
python3 scripts/lint_commits.py --range HEAD~5..HEAD

# Lint a branch
python3 scripts/lint_commits.py --range main..feature-branch

# Lint a single message
python3 scripts/lint_commits.py --message "feat: add login"

# Read from stdin (git commit-msg hook)
python3 scripts/lint_commits.py --stdin \x3C .git/COMMIT_MSG

# Read from file
python3 scripts/lint_commits.py --file .git/COMMIT_MSG

Output Formats

python3 scripts/lint_commits.py --format text      # human-readable (default)
python3 scripts/lint_commits.py --format json       # CI/tooling
python3 scripts/lint_commits.py --format markdown   # reports

Configuration

Generate default config:

python3 scripts/lint_commits.py init

Creates .commitlintrc.json. Also auto-discovers .commitlintrc or commitlint.config.json.

Key config options:

header_max_length (72) — max header chars
require_conventional (true) — enforce \x3Ctype>[scope]: \x3Cdesc> format
types — allowed types (feat, fix, docs, style, refactor, perf, test, build, ci, chore, revert)
scopes — allowed scopes (empty = any)
require_scope (false) — mandate scope
require_body (false) — mandate body
header_case — description start case: lower/upper/sentence/any
no_trailing_period (true) — reject trailing period on header
forbidden_patterns — regex patterns that reject commits
required_patterns — regex patterns that must match
--strict flag treats warnings as errors

Rules Reference

Rule	Level	Description
header-empty	error	Empty header
header-max-length	error	Header exceeds max length
header-min-length	warning	Header below min length
conventional-format	error	Not Conventional Commits format
type-enum	error	Type not in allowed list
scope-required	error	Missing required scope
scope-enum	error	Scope not in allowed list
description-empty	error	Empty description
description-case	warning	Wrong description case
header-no-period	warning	Trailing period
header-leading-whitespace	error	Leading whitespace
header-trailing-whitespace	warning	Trailing whitespace
body-separator	error	No blank line before body
body-required	warning	Missing required body
body-line-length	warning	Body line too long
body-max-lines	warning	Too many body lines
breaking-change-description	warning	Breaking ! without BREAKING CHANGE: in body
forbidden-pattern	error	Matches forbidden regex
required-pattern	warning	Doesn't match required regex

Exit Codes

0 — all commits pass (warnings OK unless --strict)
1 — errors found (or warnings with --strict)
2 — git/system error

CI Integration (Git Hook)

As commit-msg hook (.git/hooks/commit-msg):

#!/bin/sh
python3 path/to/lint_commits.py --file "$1" --strict

Auto-ignored: merge commits, reverts, version tags, "Initial commit".

安全使用建议

This skill appears to do exactly what it says: lint commit messages and optionally write a local config file. Before installing or adding it as a commit hook: (1) inspect the included scripts (already provided) to confirm they meet your policies; (2) run it in a test repository first to see what it writes (init will create .commitlintrc.json); (3) avoid running hooks on repositories that contain secrets you don't want processed by third-party tools; and (4) ensure python3 is the interpreter you expect. If you want extra assurance, run the script in a sandboxed repo to observe behavior. Confidence is high based on the provided SKILL.md and script (no network/credential use detected).

功能分析

Type: OpenClaw Skill Name: commit-message-linter Version: 1.0.0 The skill is classified as suspicious due to a potential argument injection vulnerability in `scripts/lint_commits.py`. The script passes the user-controlled `--range` argument directly to a `git log` subprocess call without sanitization. This could allow an attacker to inject git command-line options, such as `--output` to overwrite files or `--ext-diff` to execute arbitrary commands. While the code's logic is aligned with its stated purpose of linting commit messages, the lack of input validation on system calls constitutes a security flaw.

能力评估

✓ Purpose & Capability

Name/description match the code and instructions: the script lints commit messages, reads commits via 'git log' or .git/COMMIT_MSG, and can generate a .commitlintrc.json. No unrelated capabilities or credentials are requested.

✓ Instruction Scope

SKILL.md and the script stay within scope: running the linter on commits/branches/messages, installing a commit-msg hook, and initializing a local config. The script reads repository files and config files it auto-discovers; it does not instruct reading unrelated system files or sending data externally.

✓ Install Mechanism

No install spec (instruction-only) and the included script is pure Python with no external dependencies. This is low-risk and proportionate for the stated purpose.

✓ Credentials

The skill requires no environment variables, no external credentials, and does not access network endpoints. It uses subprocess to call 'git', which is expected for a git-centric tool.

✓ Persistence & Privilege

always is false and the skill is user-invocable. The only persistence behavior is creating a local .commitlintrc.json when the user runs the init command, which is appropriate for a linter.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install commit-message-linter
安装完成后，直接呼叫该 Skill 的名称或使用 /commit-message-linter 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release

元数据

Slug commit-message-linter

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题