One-command Git tracking setup for any working directory, with a security-focused .gitignore (credentials, TLS/SSH private keys, tokens, runtime caches & PID...
Security Analysis
high confidenceThis skill transparently sets up local Git tracking and can create a local commit, with no hidden upload, installer, or privilege escalation found.
The artifacts match the stated purpose: a Bash script initializes or audits Git, writes a security-focused .gitignore, checks large files and tracked sensitive filenames, and makes a local first commit.
The trigger language is broad and the default mode mutates the workspace, but the behavior is disclosed and bounded to version-control setup or repo health checks; --audit and --dry-run are documented non-mutating modes.
The package contains markdown documentation and one Bash script. It does not install dependencies, create background services, or run an installer automatically.
The script operates on a chosen workspace, reads Git identity from environment variables or local git config, and scans file names and sizes. This is proportionate for Git setup, but users should review the workspace before staging everything.
It creates persistent local Git state, .gitignore content, git config, and commits, but it does not add a remote, push data, request elevated privileges, or establish ongoing persistence.
Guidance
Install only if you want a tool that may initialize Git and locally commit the selected workspace. Run it with --dry-run or --audit first, inspect .gitignore and git status, and remember that a local commit can still include files not covered by the ignore rules even though the skill does not push to a remote.
Latest Release
v1.0.3
UGLIC fixes: realpath fallback for macOS, Author/Repo/License in SKILL.md, better dry-run hint
More by @songhonglei
Published by @songhonglei on ClawHub
