← Back to Skills Marketplace
grey0758

GitHub Safe Sync

by grey0758 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
193
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install github-safe-sync
Description
Inspect, trigger, and clean up GitHub mirror repositories that use a safe-sync GitHub Actions workflow. Use when Codex needs to work on repository mirroring...
README (SKILL.md)

GitHub Safe Sync

Use this skill for repositories that mirror an upstream GitHub repo and preserve local .github workflow files with a safe-sync.yml workflow.

Requirements

  • Set GITHUB_TOKEN before running the script.
  • Pass repositories as owner/repo.
  • Treat tokens as secrets. Do not write them into the skill or commit them into repo files.

Quick Start

Inspect a mirror repo:

export GITHUB_TOKEN=...
./scripts/github_safe_sync.py status \
  --owner grey00758 \
  --repo ai-code-board \
  --upstream grey0758/ai-code-board

Trigger a manual sync:

export GITHUB_TOKEN=...
./scripts/github_safe_sync.py dispatch \
  --owner grey00758 \
  --repo ai-code-board

Clean false-positive artifacts after a workflow fix:

export GITHUB_TOKEN=...
./scripts/github_safe_sync.py close-force-push-issues \
  --owner grey00758 \
  --repo ai-code-board

./scripts/github_safe_sync.py delete-backups \
  --owner grey00758 \
  --repo ai-code-board

Workflow

  1. Inspect the mirror repository with status.
  2. If the workflow is inactive or the latest run failed, review the repo before dispatching anything.
  3. If the mirror should sync now, run dispatch.
  4. If a workflow fix stopped false-positive force-push alerts, run close-force-push-issues and delete-backups.
  5. Re-run status to verify the repo is clean.

Interpreting status

  • effective_state=exact: Mirror and upstream branch heads are identical.
  • effective_state=metadata-ahead: Mirror is only ahead by local .github-only commits. This is normally healthy for safe-sync mirrors.
  • effective_state=behind: Upstream has newer commits and the mirror has not caught up yet.
  • effective_state=local-ahead: Mirror has non-metadata commits that do not exist upstream. Inspect before forcing anything.
  • effective_state=metadata-diverged: Histories differ, but the mirror-only side is metadata-only. This often means the sync workflow logic still needs review.
  • effective_state=diverged: Mirror and upstream both changed in incompatible ways. Treat this as a real sync problem until proven otherwise.

Commands

status

Use status first. It returns JSON with:

  • workflow metadata
  • latest workflow runs
  • count of open force-push alert issues
  • count of backup/ branches
  • optional upstream branch comparison

If the requested upstream branch does not exist, the script falls back to the upstream repo default branch.

dispatch

Use dispatch to trigger workflow_dispatch on the sync workflow. Add --force-sync only when you intentionally want the workflow to ignore the normal no-op path.

close-force-push-issues

Use this only after you have confirmed the force-push alerts were false positives. It closes open issues whose title contains 检测到上游强制推送.

delete-backups

Use this only after you have confirmed the backup branches are noise. Start with --dry-run if you want to preview what would be removed.

Safety Rules

  • Do not close force-push alert issues until you have verified the alert was false.
  • Do not delete backup/ branches until the mirror workflow is healthy and the backups are no longer needed.
  • Do not assume main; pass --branch or --upstream explicitly when the repo uses a different upstream default branch.
  • Re-run status after every write operation.
Usage Guidance
Before installing or running this skill: (1) Note that the SKILL.md and the script require GITHUB_TOKEN but the registry metadata omits that — expect to provide a token. (2) Review the included scripts yourself: they call GitHub API endpoints that can PATCH issues and DELETE git refs (backup branches). Only run on repos you control or on a test repo. (3) Use the least-privilege token possible (limit to specific repo(s) and minimal scopes), avoid a broad org/admin token. (4) Prefer running status and dry-run flows first; do not use commands like close-force-push-issues or delete-backups until you have manually verified the situation. (5) Ask the publisher to update the skill metadata to declare GITHUB_TOKEN as the primary credential so users are not misled. If you will let an agent invoke this skill autonomously, restrict agent permissions and review audit logs because the skill can perform destructive write operations.
Capability Analysis
Type: OpenClaw Skill Name: github-safe-sync Version: 1.0.0 The skill provides administrative tools for managing GitHub mirror repositories, including status monitoring, workflow dispatching, and cleanup of sync-related issues and branches. The Python script (scripts/github_safe_sync.py) uses standard libraries to interact with the GitHub API and includes safety features like dry-run modes and limits on destructive operations. The logic specifically handles 'metadata-only' changes (commits affecting only the .github/ directory), which aligns with the stated purpose of managing mirror syncs. No evidence of malicious intent, data exfiltration, or prompt injection was found.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md and the included script all align: the tool talks to the GitHub API to inspect workflows, trigger dispatches, close force-push issues and delete backup branches. Those capabilities are appropriate for a 'safe-sync' mirror management tool. However, the registry metadata declares no required environment variables or primary credential while both SKILL.md and the script require a GITHUB_TOKEN. That mismatch is unexpected and should be corrected.
Instruction Scope
SKILL.md instructions are narrowly scoped to repository mirroring tasks and explicitly instruct the user to set GITHUB_TOKEN and to be cautious (dry-run, re-run status, verify before closing issues or deleting branches). The instructions do not ask for unrelated files or system-wide data. They do, however, permit destructive operations (issue close, git ref delete) which are within the stated purpose but require explicit user consent and a suitably-scoped token.
Install Mechanism
This is an instruction-only skill with no install spec; the included Python script will run when invoked. No untrusted downloads or package installs are performed by the skill itself, so installation risk is low. The main risk is executing the provided script — review it and run it in a controlled environment if unsure.
Credentials
The script requires a GITHUB_TOKEN (read/write) to perform actions; that is proportionate to its features. But the registry metadata does not declare this required env var nor a primary credential, which is an incoherence that can mislead users about required privileges. The code performs PATCH and DELETE operations on repos, so the token must be limited to the minimum necessary scope and repos; granting broad org-level or repo-deletion rights would be dangerous.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system privileges. It does not modify other skills or agent-wide settings. Autonomous invocation is allowed by platform default but not exceptional here; still, because the script can perform destructive repo operations, ensure agent invocation policies and token scope are appropriate.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install github-safe-sync
  3. After installation, invoke the skill by name or use /github-safe-sync
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release.
Metadata
Slug github-safe-sync
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is GitHub Safe Sync?

Inspect, trigger, and clean up GitHub mirror repositories that use a safe-sync GitHub Actions workflow. Use when Codex needs to work on repository mirroring... It is an AI Agent Skill for Claude Code / OpenClaw, with 193 downloads so far.

How do I install GitHub Safe Sync?

Run "/install github-safe-sync" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is GitHub Safe Sync free?

Yes, GitHub Safe Sync is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does GitHub Safe Sync support?

GitHub Safe Sync is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created GitHub Safe Sync?

It is built and maintained by grey0758 (@grey0758); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments