Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

bianhaifeng789-hue/skills-experimental/bare-git-repo-security-scrub

Name: skills-experimental/bare-git-repo-security-scrub
Author: bianhaifeng789-hue

skills-experimental/bare-git-repo-security-scrub/SKILL.md

npx skillsauth add bianhaifeng789-hue/openclaw-config skills-experimental/bare-git-repo-security-scrub

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Bare Git Repo Security Scrub Pattern

Source

Claude Code: utils/sandbox/sandbox-adapter.ts (bareGitRepoScrubPaths, scrubBareGitRepoFiles)

Pattern

Scrub planted bare-repo files after sandboxed command - prevent git config escape.

Code Example

// SECURITY: Git's is_git_directory() treats cwd as a bare repo if it has:
// HEAD + objects/ + refs/. An attacker planting these (plus config with
// core.fsmonitor) escapes the sandbox when Claude's unsandboxed git runs.

// Paths that didn't exist at config time - scrub after command
const bareGitRepoScrubPaths: string[] = []

// Build scrub list during convertToSandboxRuntimeConfig
const bareGitRepoFiles = ['HEAD', 'objects', 'refs', 'hooks', 'config']
for (const dir of cwd === originalCwd ? [originalCwd] : [originalCwd, cwd]) {
  for (const gitFile of bareGitRepoFiles) {
    const p = resolve(dir, gitFile)
    try {
      statSync(p)
      denyWrite.push(p)  // Exists - mount /dev/null (ro-bind, no stub)
    } catch {
      bareGitRepoScrubPaths.push(p)  // Doesn't exist - scrub after command
    }
  }
}

/**
 * Delete bare-repo files planted during sandboxed command.
 * Called in cleanupAfterCommand() before unsandboxed git runs.
 */
function scrubBareGitRepoFiles(): void {
  for (const p of bareGitRepoScrubPaths) {
    try {
      rmSync(p, { recursive: true })
      logForDebugging(`[Sandbox] scrubbed planted bare-repo file: ${p}`)
    } catch {
      // ENOENT is expected - nothing was planted
    }
  }
}

// Export in SandboxManager
export const SandboxManager: ISandboxManager = {
  cleanupAfterCommand: (): void => {
    BaseSandboxManager.cleanupAfterCommand()
    scrubBareGitRepoFiles()  // Scrub planted files
  },
}

Key Concepts

Bare Repo Attack: HEAD + objects/ + refs/ at cwd → git treats as bare repo
fsmonitor Escape: Attacker plants config with core.fsmonitor → sandbox escape
Two-Phase Defense: denyWrite existing files, scrub non-existent after command
Cleanup After Command: Called before unsandboxed git runs
ENOENT Expected: Common case - nothing was planted

Benefits

Prevents git config sandbox escape attack
Handles both existing and planted files
Minimal overhead (ENOENT on most calls)

When to Use

Sandboxed environments with git operations
Security-critical file protection
Cleanup after potentially malicious commands

Related Patterns

Git Worktree Main Repo Detection (sandbox-adapter.ts)
Sandbox Settings Adapter (sandbox-adapter.ts)
Cleanup Registry Pattern (cleanupRegistry.ts)

bianhaifeng789-hue/skills-experimental/bare-git-repo-security-scrub

skills-experimental/bare-git-repo-security-scrub/SKILL.md

# Bare Git Repo Security Scrub Pattern ## Source Claude Code: `utils/sandbox/sandbox-adapter.ts` (bareGitRepoScrubPaths, scrubBareGitRepoFiles) ## Pattern Scrub planted bare-repo files after sandboxed command - prevent git config escape. ## Code Example ```typescript // SECURITY: Git's is_git_directory() treats cwd as a bare repo if it has: // HEAD + objects/ + refs/. An attacker planting these (plus config with // core.fsmonitor) escapes the sandbox when Claude's unsandboxed git runs. // Pa

development

Updated Apr 20, 2026

$ install --global

skillsauth

npx skillsauth add bianhaifeng789-hue/openclaw-config skills-experimental/bare-git-repo-security-scrub

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 20, 2026, 3:06 PM5.0s1 file scanned

SKILL.md

Bare Git Repo Security Scrub Pattern

Source

Claude Code: utils/sandbox/sandbox-adapter.ts (bareGitRepoScrubPaths, scrubBareGitRepoFiles)

Pattern

Scrub planted bare-repo files after sandboxed command - prevent git config escape.

Code Example

// SECURITY: Git's is_git_directory() treats cwd as a bare repo if it has:
// HEAD + objects/ + refs/. An attacker planting these (plus config with
// core.fsmonitor) escapes the sandbox when Claude's unsandboxed git runs.

// Paths that didn't exist at config time - scrub after command
const bareGitRepoScrubPaths: string[] = []

// Build scrub list during convertToSandboxRuntimeConfig
const bareGitRepoFiles = ['HEAD', 'objects', 'refs', 'hooks', 'config']
for (const dir of cwd === originalCwd ? [originalCwd] : [originalCwd, cwd]) {
  for (const gitFile of bareGitRepoFiles) {
    const p = resolve(dir, gitFile)
    try {
      statSync(p)
      denyWrite.push(p)  // Exists - mount /dev/null (ro-bind, no stub)
    } catch {
      bareGitRepoScrubPaths.push(p)  // Doesn't exist - scrub after command
    }
  }
}

/**
 * Delete bare-repo files planted during sandboxed command.
 * Called in cleanupAfterCommand() before unsandboxed git runs.
 */
function scrubBareGitRepoFiles(): void {
  for (const p of bareGitRepoScrubPaths) {
    try {
      rmSync(p, { recursive: true })
      logForDebugging(`[Sandbox] scrubbed planted bare-repo file: ${p}`)
    } catch {
      // ENOENT is expected - nothing was planted
    }
  }
}

// Export in SandboxManager
export const SandboxManager: ISandboxManager = {
  cleanupAfterCommand: (): void => {
    BaseSandboxManager.cleanupAfterCommand()
    scrubBareGitRepoFiles()  // Scrub planted files
  },
}

Key Concepts

Bare Repo Attack: HEAD + objects/ + refs/ at cwd → git treats as bare repo
fsmonitor Escape: Attacker plants config with core.fsmonitor → sandbox escape
Two-Phase Defense: denyWrite existing files, scrub non-existent after command
Cleanup After Command: Called before unsandboxed git runs
ENOENT Expected: Common case - nothing was planted

Benefits

Prevents git config sandbox escape attack
Handles both existing and planted files
Minimal overhead (ENOENT on most calls)

When to Use

Sandboxed environments with git operations
Security-critical file protection
Cleanup after potentially malicious commands

Related Patterns

Git Worktree Main Repo Detection (sandbox-adapter.ts)
Sandbox Settings Adapter (sandbox-adapter.ts)
Cleanup Registry Pattern (cleanupRegistry.ts)

Related Skills

bianhaifeng789-hue/iaa-feishu-reporting

business

VerifiedTrustedCommunity

IAA 日报飞书输出能力。支持把固定 CSV 模板一键转换成： - 中文运营结论 - 飞书卡片 JSON - 飞书发送载荷 Use when: - 需要把 IAA 日报直接发到飞书 - 需要从 CSV 一键生成运营日报

SKILL.mdUpdated Apr 21, 2026

bianhaifeng789-hue/iaa-feishu-reporting

bianhaifeng789-hue/iaa-daily-report-model

data-ai

VerifiedTrustedCommunity

IAA日报分析模型功能： - 渠道日报自动分析 - 小时级+日级ROI联动判断 - 按地区输出加量/降量/停投建议 - 按产品类型输出阈值 - 自动识别利润区/观察区/止损区 Use when: - 分析每天投放数据 - 生成运营日报结论 - 判断是否加量/降量/停投 - 对比美加澳/日韩表现 Keywords: - 日报模型, 投放日报, 加量, 降量, 停投, ROI日报, 分地区分析

SKILL.mdUpdated Apr 21, 2026

bianhaifeng789-hue/iaa-daily-report-model

bianhaifeng789-hue/iaa-daily-fixed-template

data-ai

VerifiedTrustedCommunity

IAA固定日报分析模板功能： - 固定字段模板（可直接贴每天数据） - 自动输出总盘结论 - 自动输出美加澳/日韩结论 - 自动给出加量/降量/停投建议 - 适配文件修复/清理两类产品 Use when: - 需要固定日报格式 - 每天复盘渠道表现 - 给运营团队出统一结论 Keywords: - 固定模板, 日报模板, ROI模板, IAA日报, 运营模板

SKILL.mdUpdated Apr 21, 2026

bianhaifeng789-hue/iaa-daily-fixed-template

bianhaifeng789-hue/skills-experimental/hyperlink-pool-pattern

development

VerifiedTrustedCommunity

# HyperlinkPool Pattern Skill HyperlinkPool Pattern - HyperlinkPool class + strings array + stringMap + Index 0 no hyperlink + intern(hyperlink) + get(id) + undefined handling + 5-minute reset + OSC8 hyperlink interning。 ## 功能概述从Claude Code的ink/screen.ts提取的HyperlinkPool模式，用于OpenClaw的OSC8超链接池管理。 ## 核心机制 ### HyperlinkPool Class ```typescript export class HyperlinkPool { private strings: string[] = [''] // Index 0 = no hyperlink private stringMap = new Map<string, number>() // strings

SKILL.mdUpdated Apr 21, 2026

bianhaifeng789-hue/skills-experimental/hyperlink-pool-pattern

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/bianhaifeng789-hue/openclaw-config.git

# Copy into Claude Code skills folder (global)
cp -r openclaw-config/skills-experimental/bare-git-repo-security-scrub ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

bianhaifeng789-hue/openclaw-config

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT