Conversation
![sentry-warden[bot]](https://avatars.githubusercontent.com/in/2755838?s=60&v=4){kind=small}
|
It also seems like using Wasn't able to get autocomplete for repo names. |
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
| name: local-repo | ||
| description: Investigate, compare, and modify files in other local git repositories. Use when asked to "check another repo", "look at other repo", "compare repos", "local-repo", "cross-repo", "what does sentry-python do", or work with a repository outside the current working directory. | ||
| argument-hint: "<repo-name> [file-pattern-or-query]" | ||
| allowed-tools: Read, Glob, Bash, Edit, Write, Task, WebFetch, AskUserQuestion |
There was a problem hiding this comment.
🟠 [YLL-4LU] High number of allowed tools (8 tools) warrants scrutiny (medium confidence)
The skill requests 8 tools (Read, Glob, Bash, Edit, Write, Task, WebFetch, AskUserQuestion) which exceeds the 5-tool threshold that typically warrants review. While each tool appears justified by the skill instructions, this broad permission set increases the attack surface.
Identified by Warden via skill-scanner · medium, medium confidence
| ```bash | ||
| git -C <repo-path> symbolic-ref refs/remotes/origin/HEAD --short | ||
| ``` | ||
| Strip the `origin/` prefix from the output. If this command fails, try `main` then `master`. | ||
|
|
There was a problem hiding this comment.
Bug: The local-repo skill requires git -C and test -e commands, but the permission settings in .claude/settings.json don't grant access, breaking the skill.
Severity: HIGH
Suggested Fix
Update the .claude/settings.json file to include permission patterns that cover the commands used by the local-repo skill. This would involve adding patterns for git -C commands (e.g., Bash(git -C *:*)) and for the test command (e.g., Bash(test -e *:*)).
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: plugins/sentry-skills/skills/local-repo/SKILL.md#L80-L84
Potential issue: The `local-repo` skill, as defined in `SKILL.md`, instructs the agent
to execute several shell commands, including `git` commands with the `-C` flag (e.g.,
`git -C <repo-path> branch --show-current`) and `test -e` commands. The permission
system uses prefix matching, and the existing patterns in `.claude/settings.json` like
`Bash(git branch:*)` do not match commands that start with `git -C`. Additionally, there
is no permission pattern that allows the `test -e` command. As a result, when the skill
is invoked, these essential commands will be blocked, rendering the skill
non-functional.
1 participant
A skill that lets you investigate, compare and modify other local git repositories from your current chat in a single repo.
How it works
The
~/.claude/repos.local.jsonconfig file is used to specify which directories contain repositories on your machine.When using the skill, it'll look for a matching repo in all configured directories and then use that.
It will notify you if the repo is missing.
It will also notify you if the referenced repo is outdated, on a non main branch or has local changes.
Why
An alternative to setting up workspaces in Cursor that include multiple repos.
I used to start a new chat in a specific (SDK) repo just to answer a question about some internals of that SDK. This involved lots of duplicate explaining and also becomes annoying to manage in terms of which chat on repo A goes with which chat on repo B etc.
Example usages
Also works when using speech-to-text to enter:
Recommended permissions
NOTE: Please review those before copying them.
In
~/.claude/settings.json: