git-sync

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The sync.sh script executes shell commands including git add, git commit, and git push to perform repository synchronization. It uses a hardcoded path /home/crishaocredits/.openclaw/workspace, which also reveals environment-specific details about the host system.
  • [DATA_EXFILTRATION]: The skill is designed to transmit all files within the workspace directory to a remote GitHub repository. This functionality can lead to the accidental exposure of sensitive files, such as environment variables, secrets, or private keys, if they are not correctly managed via .gitignore.
  • [INDIRECT_PROMPT_INJECTION]: The message parameter in the git_sync tool is passed directly to the shell script and used in the git commit -m command. While the variable is double-quoted in the script to prevent simple word splitting, it represents an unvalidated input surface that could be used to inject misleading information into repository logs or influence downstream CI/CD pipelines.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 09:21 AM