功能描述

Perform common Git operations like status, commit, push, pull, branch management, and merge with safety checks and dry-run support.

使用说明 (SKILL.md)

Git Manager Skill

Name: Git Manager
Author: liyico

This skill safely executes common Git commands. It wraps git CLI with additional safety checks and structured output.

Capabilities

status - Show working tree status
commit - Stage changes and commit (with message)
push - Push to remote
pull - Pull from remote (rebase or merge)
branch - Create, list, delete branches
checkout - Switch branches
merge - Merge branches
stash - Stash/apply changes
log - Show commit history
diff - Show changes

Safety Features

No force push by default (--force must be explicit)
Protected branches: Cannot delete or commit directly to main/master/production
Dry-run mode: Preview operations before execution
Auto-commit message quality check (LLM can improve messages)
All operations logged to ~/.openclaw/logs/git-manager.log

When to Use

User says:

"查看Git状态"
"提交代码"
"推送到远程仓库"
"拉取最新代码"
"创建新分支"
"合并分支"
"查看提交历史"

Invocation

# Status
git-manager --action status --repo /path/to/repo

# Commit all changes
git-manager --action commit --repo /path/to/repo --message "feat: add user auth"

# Commit specific files
git-manager --action commit --repo /path/to/repo --files [file1,file2] --message "fix: bug in payment"

# Push
git-manager --action push --repo /path/to/repo --branch feature-xyz

# Pull
git-manager --action pull --repo /path/to/repo --branch main

# Create branch
git-manager --action branch --repo /path/to/repo --create new-branch --from main

# Checkout
git-manager --action checkout --repo /path/to/repo --branch feature-xyz

# Diff
git-manager --action diff --repo /path/to/repo --files [file1]

Output Format

JSON with fields:

success: boolean
output: string (raw git output)
error: string (if failed)
changed_files: array (for commit)
commit_sha: string (after commit)
branch: current branch

Example:

{
  "success": true,
  "action": "commit",
  "commit_sha": "abc123def",
  "changed_files": ["src/auth.py", "tests/test_auth.py"],
  "output": "[main abc123] feat: add user auth\
 2 files changed, 45 insertions(+)"
}

Configuration via Environment

GIT_MANAGER_LOG: path to activity log (default ~/.openclaw/logs/git-manager.log)
GIT_MANAGER_DRY_RUN: set "1" to default to dry-run
GIT_MANAGER_PROTECTED_BRANCHES: comma-separated list (default main,master,production)

Integration with OpenClaw

When used from a developer role session:

Automatically respects the session's cwd as the repo if --repo not provided
Can chain operations: status -> commit -> push in one go
Suggest commit messages based on git diff (if --message omitted)

Examples in OpenClaw Sessions

# Developer session
sessions_spawn(
  task="提交刚才修改的登录页面样式",
  config="configs/developer.yaml",
  attachments=[]
)
# The skill will: git add . && git commit -m "style: improve login page" && git push

Limitations

Does not handle merge conflicts automatically (requires human)
No rebase interactive (complex history edits)
Assumes standard Git flow (no custom hooks)
SSH keys must be pre-configured for push/pull

Troubleshooting

Issue	Check
Permission denied (publickey)	SSH agent running? `ssh-add -l`
Not a git repository	`--repo` path correct?
Branch protected	Cannot commit to main; create feature branch first
Merge conflict	Resolve manually; skill only detects conflict

Future Enhancements

PR creation via GitHub CLI (gh pr create)
Auto-version bump based on commit messages (semantic-release)
Branch cleanup (delete merged branches)

安全使用建议

This skill claims to wrap git safely, but the package is missing the scripts it expects and index.ts runs a hard-coded script in /Users/nico/... that isn't included. That means you cannot verify what will actually run. Before installing or enabling this skill: 1) Do not run it on sensitive repositories. 2) Ask the publisher for the missing script sources (scripts/git-manager, scripts/git_manager.py, and the shell scripts referenced) and inspect them for arbitrary shell commands or network calls. 3) Require that the package be self-contained (no hard-coded absolute paths) and that environment variables and filesystem permissions in the manifest match SKILL.md. 4) If you must use it temporarily, run it in a sandboxed account or container with limited repository access and no private SSH keys. These inconsistencies make the skill suspicious until the missing scripts and manifest mismatches are resolved.

功能分析

Type: OpenClaw Skill Name: git-manager Version: 1.0.0 The skill contains a critical shell injection vulnerability in `index.ts` where unsanitized user inputs (such as `message` and `repo`) are concatenated into a command string executed via `child_process.exec`. Additionally, `index.ts` relies on a hardcoded absolute path to a specific user's directory (`/Users/nico/...`), which is highly irregular for a portable skill bundle and suggests either environment-specific configuration or potential tampering. There is also a discrepancy between the main entry point defined in `skill.json` and the script actually invoked in the code.

能力评估

⚠ Purpose & Capability

The skill claims to be a git CLI wrapper (status, commit, push, pull, branch, etc.), which aligns with its name. However, the runtime code executes an external script at an absolute user-specific path (/Users/nico/.openclaw/workspace/skills/git-manager/scripts/git-manager) that is not included in the package. skill.json references different script names (scripts/git_manager.py, various shell scripts) that also are not present. Requiring execution of an external, missing script at a hard-coded path is disproportionate and not justified by the description.

⚠ Instruction Scope

SKILL.md describes direct use of the git CLI and local repo operations and lists environment variables for configuring logs/dry-run/protected branches. The actual runtime (index.ts) delegates to an external script and passes args via child_process.exec. The SKILL.md does not mention the external script path or behavior of that script. SKILL.md also claims integration with session cwd, but the code calls a specific absolute script path, creating a mismatch and granting broad discretion to the external script (which is not visible).

⚠ Install Mechanism

There is no install spec, and no included scripts under scripts/ even though skill.json and index.ts expect them. The code will try to execute a non-included binary at a hard-coded absolute path. That is high-risk: the runtime depends on external artifacts not packaged with the skill, making behavior unpredictable and possibly executing arbitrary code if that path exists or is later created.

⚠ Credentials

The registry metadata lists no required env vars, but SKILL.md documents GIT_MANAGER_LOG, GIT_MANAGER_DRY_RUN, and GIT_MANAGER_PROTECTED_BRANCHES. skill.json also grants filesystem read/write to ~/.openclaw/workspace/**. The mismatch between declared requirements and the environment vars the instructions expect is a red flag. Access to the workspace and executing external scripts is more privilege than a minimal Git helper strictly requires, especially given the missing script contents.

ℹ Persistence & Privilege

The skill is not marked always:true and uses standard autonomous invocation. It logs to ~/.openclaw/logs and skill.json requests read/write under ~/.openclaw/workspace/** which is expected for a workspace-oriented git helper. This is not an immediate privilege escalation, but combined with the external script execution it increases the surface area: an executable in the workspace could be run with the agent's permissions.

版本历史

v1.0.0

Initial release of git-manager skill. - Safely execute common Git operations: status, commit, push, pull, branch, checkout, merge, stash, log, diff. - Safety features: prevents force push by default, protects main/master/production branches, supports dry-run, logs all actions. - Structured JSON output for all actions, useful for automation and integration. - Commit message quality checks and suggestions included. - Configurable via environment variables. - Easily integrates with OpenClaw developer sessions, supports chained operations and auto-suggested commit messages. - Limitations: no automatic merge conflict resolution or interactive rebase; SSH setup required for push/pull.

元数据

Slug git-manager

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题

Git Manager 是什么？

Perform common Git operations like status, commit, push, pull, branch management, and merge with safety checks and dry-run support. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 196 次。

如何安装 Git Manager？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install git-manager」即可一键安装，无需额外配置。

Git Manager 是免费的吗？

是的，Git Manager 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Git Manager 支持哪些平台？

Git Manager 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Git Manager？

由 liyico（@liyico）开发并维护，当前版本 v1.0.0。

Git Manager