Git Tools
OpenClaw plugin for git repository management in the workspace.
Community code plugin. Review compatibility and verification before install.
marxbiotech-git-tools · runtime id marxbiotech-git-tools
Install
openclaw plugins install clawhub:marxbiotech-git-tools
Latest Release
Version 1.0.0
Compatibility
{
"builtWithOpenClawVersion": "1.0.0",
"pluginApiRange": ">=1.0.0"
}
Capabilities
{
"bundledSkills": [],
"capabilityTags": [
"executes-code"
],
"channels": [],
"commandNames": [],
"configSchema": true,
"configUiHints": false,
"executesCode": true,
"hooks": [],
"httpRouteCount": 0,
"materializesDependencies": false,
"providers": [],
"runtimeId": "marxbiotech-git-tools",
"serviceNames": [],
"setupEntry": false,
"toolNames": []
}
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: commands implement repo checks, scanning, cloning and pulling. Declared requirements (git CLI) and the repo root layout match the code's behavior. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
Runtime instructions and code operate on the workspace repos directory (default /root/.openclaw/workspace/repos) and run only git operations (diff, status, log, pull, clone). This is consistent with the stated scope. Note: the skill will clone/pull arbitrary Git URLs provided by the user (network activity) and will inspect repository contents (including file names and diffs) which is expected for a git-management tool.
Install Mechanism
No install spec; it is delivered as plugin code (TypeScript + helper scripts) to be executed by the platform. No external download URLs or archive extraction are used.
Credentials
The skill requests no environment variables or secrets. It does use process.env.OPENCLAW_HOME if present to locate the workspace, which is reasonable. Be aware: git operations will implicitly use any SSH keys or credential helper/config present in the container (e.g., ~/.ssh, global git config) when performing network operations; this is expected but worth noting.
Persistence & Privilege
always:false and commands require explicit invocation (requireAuth:true). The skill does modify container-global git config (sets pull.rebase = true) which alters git behavior in the container; this is a modest side effect but consistent with its sync functionality.
Assessment
This plugin appears to do what it says: scan repos, run pre-push checks, and clone/pull repos. Before installing, consider: (1) cloning/pulling runs network operations and will use any SSH keys or credential helpers available in the container — only run trusted URLs; (2) the skill sets git --global pull.rebase = true inside the container, which changes git behavior there; (3) the plugin will read repository contents under the workspace/repos path (so don't place secrets there). If those behaviors are acceptable, the skill is coherent with its stated purpose.
src/shared.ts:13
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Verification
{
"hasProvenance": false,
"scanStatus": "clean",
"scope": "artifact-only",
"sourceCommit": "172ec47851ae8a6516032204dce3182fc800e077",
"sourceRepo": "marxbiotech/moltbot-app",
"sourceTag": "172ec47851ae8a6516032204dce3182fc800e077",
"summary": "Validated package structure and linked the release to source metadata.",
"tier": "source-linked"
}
Tags
{
"latest": "1.0.0"
}
git-tools
OpenClaw plugin for git repository management in the workspace.
Commands
| Command | Description |
|---|---|
| /git_check [path] | Pre-push safety check — sensitive files, diff size, branch name, divergence |
| /git_sync [url] | Pull all workspace repos (no args) or clone a new repo by URL |
| /git_repos | Scan all workspace repos — branch, dirty status, last commit |
Requirements
git CLI installed in the container (included in base image)
