← 返回 Skills 市场
Shadows Smart Commit
作者
NakedoShadow
· GitHub ↗
· v1.1.0
276
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install shadows-smart-commit
功能描述
Intelligent git commit assistant — analyzes diffs, enforces conventional commits, detects secrets, generates meaningful messages. Use when committing code ch...
安全使用建议
This skill appears to do what it says (analyze diffs, enforce conventional commits, run a local grep-based secret scan) and has low installation impact, but please consider the following before installing or invoking it: 1) Git hooks: commits can trigger local hooks (pre-commit, commit-msg, post-commit) which may execute arbitrary scripts, possibly including network calls or data exfiltration; the skill does not check for hooks — inspect .git/hooks and any hook frameworks (pre-commit, husky) in your repo before using. 2) Secret handling: the secret scan echoes matched lines to terminal output; if you run this in terminals with shared logging, CI, or telemetry, secrets may be exposed — run in a secure local terminal or enhance scanning with a vetted tool (gitleaks/trufflehog) for higher assurance. 3) Metadata mismatch: SKILL.md contains a homepage URL while the registry shows none; if provenance matters, verify the publisher/site before trusting. 4) Test first: try the instructions in a disposable repository to confirm behavior (and to check for unexpected hooks). If you need strict guarantees about network isolation or secret handling, prefer a vetted binary/toolchain or expand the workflow to detect and neutralize hooks and to avoid printing secret values.
功能分析
Type: OpenClaw Skill
Name: shadows-smart-commit
Version: 1.1.0
The 'smart-commit' skill is a legitimate utility designed to assist with git operations by enforcing security scans and conventional commit standards. It uses standard git commands and grep-based patterns in SKILL.md to detect secrets and sensitive files (e.g., .env, .pem) before committing, and explicitly forbids risky practices like 'git add .'. No evidence of data exfiltration, network access, or malicious intent was found.
能力评估
Purpose & Capability
Name/description align with required artifacts: the skill is instruction-only and only requires git, which is appropriate for a commit assistant. Minor metadata inconsistency: the registry entry lists no homepage, but SKILL.md metadata includes a homepage URL (https://clawhub.ai/NakedoShadow). This mismatch is likely benign but should be confirmed with the publisher.
Instruction Scope
The SKILL.md stays within commit-related operations (status, diff, staging, commit message generation) and mandates a local grep-based secret scan. However it explicitly states "No network access" yet does not address git hooks (pre-commit/post-commit/hooks can run arbitrary scripts which may perform network activity). The secret-scan prints matched lines to the terminal — that may expose secrets to terminal output and any attached logging/telemetry if run in automated environments. The instructions do caution users to run in a secure terminal, but they do not instruct the agent to detect or warn about commit hooks or CI environments.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal surface area and nothing written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. The scope of requested access (git on PATH) is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill declares it is stateless with no persistence. It does not request elevated or permanent privileges. Autonomous model invocation is enabled by default but not a standalone concern here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install shadows-smart-commit - 安装完成后,直接呼叫该 Skill 的名称或使用
/shadows-smart-commit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
HIGH TRUST upgrade: added PREREQUISITES, SECURITY CONSIDERATIONS, homepage, concrete instructions
v1.0.0
Smart Commit 1.0.0 — initial release!
- Automates intelligent git commits by analyzing diffs and enforcing conventional commit formats.
- Mandatory security scans detect secrets and sensitive files before any commit.
- Stages files explicitly, never with globbing (e.g., no `git add .`), and groups related changes logically.
- Generates meaningful commit messages focused on intent, always following Conventional Commits style.
- Provides detailed output, including detected changes, security check results, staging lists, and proposed commit message.
- Strictly follows git best practices (no force-push on main, no amend by default, never skipping hooks).
元数据
常见问题
Shadows Smart Commit 是什么?
Intelligent git commit assistant — analyzes diffs, enforces conventional commits, detects secrets, generates meaningful messages. Use when committing code ch... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 276 次。
如何安装 Shadows Smart Commit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install shadows-smart-commit」即可一键安装,无需额外配置。
Shadows Smart Commit 是免费的吗?
是的,Shadows Smart Commit 完全免费(开源免费),可自由下载、安装和使用。
Shadows Smart Commit 支持哪些平台?
Shadows Smart Commit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux, win32)。
谁开发了 Shadows Smart Commit?
由 NakedoShadow(@nakedoshadow)开发并维护,当前版本 v1.1.0。
推荐 Skills