nemoclaw-maintainer-day

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local TypeScript scripts and external CLI tools like git and gh to automate repository tasks. These commands are invoked using execFileSync in scripts/shared.ts, which safely passes arguments as a discrete array, effectively mitigating shell injection risks.
  • [SAFE]: The skill manages its own local state in a .nemoclaw-maintainer directory. It includes logic to automatically add this directory to .git/info/exclude, ensuring that local agent metadata is not accidentally committed to the repository.
  • [SAFE]: No hardcoded credentials or sensitive data exfiltration patterns were detected. All network communication is performed through established development tools (git, gh) targeting the project's official repository infrastructure.
  • [SAFE]: The skill's architecture relies on Node.js's built-in capability to run TypeScript files directly (--experimental-strip-types), avoiding the need for external build dependencies or unverifiable remote script execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 11:35 PM