Is conventional-commits safe?

https://clawhub.ai/bastos/conventional-commits

85
SAFE

This is a benign, documentation-only skill that provides Conventional Commits formatting guidance. It contains no executable code, no data exfiltration vectors, and no prompt injection attempts. The only concerns are a broad activation trigger that could override user commit preferences and runtime-level file accesses during install that are attributable to the OpenClaw platform rather than the skill itself.

Category Scores

Prompt Injection 82/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 70/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 78/100 · 5%

Findings (6)

LOW Broad activation trigger in skill description -8

The skill's description field triggers activation on any mention of 'commits, git commits, or commit messages', which could cause the skill to override user preferences for commit message formatting even when the user did not intend to use Conventional Commits.

LOW Imperative formatting directive -5

The skill uses the directive 'Format all commit messages according to...' which unconditionally overrides the user's commit style. While appropriate for an opt-in skill, it does not offer a way for the user to override or disable the formatting.

INFO External URL reference to official spec -5

SKILL.md contains a link to https://www.conventionalcommits.org/en/v1.0.0/ — this is the official specification and is used as a documentation reference, not as an instruction for the agent to fetch content.

LOW No exfiltration vectors but runtime reads sensitive files -5

The OpenClaw runtime (not the skill itself) read .env, .aws/credentials, and auth-profiles.json during install. These are runtime bootstrap operations, not skill-initiated, but they demonstrate that the install environment exposes sensitive file paths to the runtime.

MEDIUM Runtime reads sensitive config files during skill install -30

During the install phase, the OpenClaw agent runtime accessed .env, .aws/credentials, .profile, .bashrc, and openclaw.json multiple times. While these accesses are attributable to the runtime bootstrapping rather than the skill, they occur in the context of installing this skill and represent an elevated-privilege operation during what should be a simple file copy.

INFO Skill is safe but opinionated -2

The skill enforces a specific commit message format without user override options. In multi-skill environments, this could conflict with other commit-related skills or user preferences. No security impact, but worth noting for usability.