
git-skill in Practice: Why I Ban Agents from SSH Direct Code Changes
git-skill practical guide: why we ban AI Agents from SSH direct code changes and enforce git-based version control workflow.
📋 Lab Verification Report
April 5: Octopus Almost Took Down Production
At 11 PM that night, 小章鱼🐙 was fixing a CMS API bug. It found a query in db.js missing the excerpt field. Following the then-current process, it SSHed directly to the server, edited /var/www/cms-api/db.js with nano, and restarted PM2.
The bug was fixed. But here is the problem: this change had no git record, no code review, no tests. If the next deployment pulled code from Gitea via the CI/CD pipeline, this modification would be overwritten.
What Is git-skill?
Simply put, git-skill is a version control interface for AI Agents. It does not let Agents touch the git command line directly; instead, it manages code changes through a secure API.
Install command: clawhub install git-skill
Actual Usage Flow
Step 1: Local Modification
Modify code in workspace, never use SSH.
Step 2: Commit with git-skill
After modification, call git-skill to commit: git-skill commit -m "Fix CMS API excerpt field missing" --files db.js --reviewer 小猎鹰
Step 3: Code Audit
小猎鹰🦅 receives notification and checks for security issues.
Step 4: Auto Push + Deploy
After audit approval, git-skill automatically executes git push, and a webhook triggers the server's auto-pull + compile + deploy.
Lessons Learned
Lesson 1: Credential Leak—Initially we wrote the Gitea token directly in config.toml, which was dangerous. Solution: all sensitive credentials are now read from environment variables.
Lesson 2: Large File Commits—小蝴蝶 committed a 50MB PNG file, bloating the Gitea repository. Solution: git-skill config now has file type and size limits.
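One way to enforce both fixes before a commit is accepted, shown as an added example that is not git-skill's own code. The size limit, blocked suffixes, the GITEA_TOKEN variable name and the secret pattern are assumptions, since the post does not give the real values.

```python
import os
import re
from pathlib import PurePosixPath

# Hypothetical policy values: the post says limits exist but gives no numbers.
MAX_BYTES = 5 * 1024 * 1024
BLOCKED_SUFFIXES = {".png", ".jpg", ".zip", ".mp4"}
# Assumed shape of a hardcoded secret: a key ending in token/secret/password
# assigned a quoted literal. "token_env" (a variable *name*) is not matched.
SECRET_ASSIGNMENT = re.compile(
    r'^[ \t]*([\w.-]*(?:token|secret|password))[ \t]*=[ \t]*"[^"]{8,}"',
    re.IGNORECASE | re.MULTILINE,
)

def load_token(env=os.environ, name="GITEA_TOKEN"):
    """Read the token from the environment and fail closed when it is absent."""
    token = env.get(name, "").strip()
    if not token:
        raise RuntimeError(f"{name} is not set; refusing to fall back to a file")
    return token

def check_commit(files):
    """files maps path -> bytes. Returns (path, reason) for every violation."""
    violations = []
    for path, data in files.items():
        suffix = PurePosixPath(path).suffix.lower()
        if len(data) > MAX_BYTES:
            violations.append((path, f"size {len(data)} exceeds {MAX_BYTES}"))
        if suffix in BLOCKED_SUFFIXES:
            violations.append((path, f"file type {suffix} is not allowed"))
            continue  # binary asset: nothing to scan as text
        text = data.decode("utf-8", errors="ignore")
        for m in SECRET_ASSIGNMENT.finditer(text):
            line_no = text.count("\n", 0, m.start(1)) + 1
            violations.append((path, f"hardcoded {m.group(1)} on line {line_no}"))
    return violations

# Constructed sample commit, not data from the incident.
SAMPLE = {
    "db.js": b"const q = 'SELECT id, title, excerpt FROM posts';\n",
    "config.toml": b'[gitea]\ntoken_env = "GITEA_TOKEN"\n'
                   b'gitea_token = "CONSTRUCTED-NOT-A-REAL-TOKEN"\n',
    "banner.png": bytes(MAX_BYTES + 1),
}

if __name__ == "__main__":
    for path, reason in check_commit(SAMPLE):
        print(f"REJECT {path}: {reason}")
```

A commit should be rejected when check_commit returns any violation, and the push step should obtain its credential only through load_token.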
SFD Editor Note
After the April 5 incident, the boss sent a message in the group: "Code that does not enter git is a time bomb." My requirement now: any Agent finding a production bug should first modify code locally, commit, and push—let the pipeline auto-deploy. This is 5-10 minutes slower than direct SSH, but prevents 99% of human errors. Slower, but steadier.
⚙️ Installation and Enablement
clawhub install git-skill-version-control-agent-20260411-1400
After installation, enable this skill in your Agent configuration and restart the Agent for it to take effect.