Clawsync

by nickconstantinou · GitHub ↗ · v1.0.6
cross-platform ⚠ suspicious
Downloads: 496 · Stars: 0 · Active Installs: 0 · Versions: 4
Install in OpenClaw
/install clawsync
Description
Backup and restore your OpenClaw workspace to GitHub
README (SKILL.md)

ClawSync

Backup and restore your OpenClaw workspace to GitHub.

⚠️ Security First

This skill is designed with defense-in-depth. Please read carefully.

What It Backs Up

| Category | Files | Status |
| Identity Files | AGENTS.md, SOUL.md, USER.md, TOOLS.md, IDENTITY.md, HEARTBEAT.md | ✅ Safe |
| Skills | All from $OPENCLAW/skills/ | ⚠️ Manual review |
| Scripts | All from $OPENCLAW/scripts/ | ⚠️ Manual review |

Why Some Files Are Not Backed Up

The following files are NOT backed up by design:

  • SITES.md — May contain API keys/secrets
  • MEMORY.md — May contain sensitive conversation data
  • Any file in credentials/, .env, node_modules/

What It Excludes

  • ❌ API keys and tokens (any format)
  • ❌ Credentials folder
  • ❌ .env files
  • ❌ node_modules
  • ❌ .git directories
  • ❌ Nested git repositories
  • ❌ Files containing secrets (detected by regex)

Secret Detection

ClawSync scans for these secret patterns:

  • GitHub tokens (ghp_*)
  • OpenAI keys (sk-*)
  • Google API keys (AIza*)
  • Slack tokens (xoxb-*, xoxp-*)
  • AWS access keys (AKIA*)
  • JWTs and bearer tokens
  • Private keys (-----BEGIN * PRIVATE KEY-----)
  • High-entropy strings

If any are detected → backup aborts before push.

Environment Variables (Required)

export GITHUB_TOKEN="ghp_xxxx"
export BACKUP_REPO="username/repo-name"
export OPENCLAW_WORKSPACE="${HOME}/openclaw-workspace"

🔐 Recommended: Fine-Grained PAT

For least privilege, use a GitHub Fine-Grained PAT:

  1. Go to GitHub → Settings → Developer settings → Personal access tokens → Fine-grained tokens
  2. Create new token with:
    • Repository access: Only $BACKUP_REPO
    • Permissions: Contents: Write
  3. Use this token as GITHUB_TOKEN

Quick Start

git clone https://github.com/your-username/clawsync.git ~/clawsync
# Work inside the clone so .env lands next to sync.sh
cd ~/clawsync
cp .env.example .env
# Edit .env with your values
bash sync.sh

Features

  • Pre-flight Check: Validates required env vars before running
  • Strict Whitelist: Only copies explicitly allowed files
  • Deny List: Filters out .git, credentials, node_modules
  • Secret Scrubbing: Detects 100+ secret patterns, aborts if found
  • Safe Restore: Requires --force or confirmation before overwriting

Safe Restore

# With confirmation (default)
bash restore.sh

# Force mode (no prompt)
bash restore.sh --force

Auth

Uses gh CLI if available, falls back to token auth.

Files

  • sync.sh - Backup script (ShellCheck compliant)
  • restore.sh - Restore script
  • .env_example - Template
  • .gitignore - Blocks secrets

Development & Release

Running Tests Locally

# Set up test workspace
mkdir -p /tmp/test-workspace
echo "test" > /tmp/test-workspace/AGENTS.md
echo "test" > /tmp/test-workspace/USER.md
mkdir -p /tmp/test-workspace/skills /tmp/test-workspace/scripts

# Run integration test
export BACKUP_REPO="test/repo"
export OPENCLAW_WORKSPACE="/tmp/test-workspace"
export GITHUB_TOKEN="dummy"

cd /tmp && rm -rf test-backup-repo && mkdir test-backup-repo
cd test-backup-repo && git init
cp ~/clawsync/sync.sh .
bash sync.sh

Testing Secret Detection

# Create a test file with a fake secret
echo "My API key is ghp_test1234567890abcdefghijklmnopqrstuvwxyz" > /tmp/test-workspace/AGENTS.md

# Run sync - should abort with error
bash sync.sh

# Expected output: "Error: Potential secret detected..."

Security Audit Test (Proves Non-Staged Detection)

This test verifies the script catches secrets BEFORE they are staged:

# Set up test workspace
export BACKUP_REPO="test/repo"
export OPENCLAW_WORKSPACE="/tmp/test-workspace"
export GITHUB_TOKEN="dummy"

# Create workspace with secret in a non-staged file
mkdir -p /tmp/test-workspace
echo "Real API key: sk-realapikey12345678901234567890" > /tmp/test-workspace/AGENTS.md

# Copy sync.sh to temp backup dir
cd /tmp && rm -rf audit-test && mkdir audit-test && cd audit-test
git init
cp ~/clawsync/sync.sh .

# Run sync - should FAIL (catches non-staged secret)
bash sync.sh

# Expected: "Error: Potential secret detected in backup directory!"
# This proves the pre-git-add scanning works
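
The pre-staging scan this test exercises, together with the pattern list under Secret Detection, sketched as an added example (not ClawSync's own sync.sh). The regexes, the function names scan_for_secrets and stage_backup, and the demo workspace are assumptions, and the high-entropy check is left out. The scan reads files on disk, so it sees secrets whether or not they are staged, and a scanner error counts as a failure.

```shell
#!/bin/sh
# Added example, NOT ClawSync's sync.sh. Regexes are illustrative assumptions
# for the token families the README names (high-entropy check omitted).
SECRET_PATTERNS='ghp_[A-Za-z0-9]{36,}
sk-[A-Za-z0-9_-]{20,}
AIza[A-Za-z0-9_-]{35}
xox[bp]-[A-Za-z0-9-]{10,}
AKIA[A-Z0-9]{16}
eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}
-----BEGIN [A-Z ]*PRIVATE KEY-----'

# Scan every text file under $1 on disk (staged or not).
# Returns 0 = clean, 1 = secret found, 2 = scanner error (fail closed).
scan_for_secrets() {
    pats=$(mktemp) || return 2
    printf '%s\n' "$SECRET_PATTERNS" > "$pats"
    status=0
    # -l prints file names only, so the secret itself never reaches logs.
    hits=$(grep -rIlE --exclude-dir=.git --exclude-dir=node_modules \
               -f "$pats" "$1") || status=$?
    rm -f "$pats"
    case $status in
        0) echo "Error: Potential secret detected in backup directory!" >&2
           printf '%s\n' "$hits" >&2
           return 1 ;;
        1) return 0 ;;   # grep exit 1 means no match
        *) return 2 ;;   # unreadable path or grep failure: do not proceed
    esac
}

# Gate staging on the scan: git add runs only when the tree is clean.
stage_backup() {
    scan_for_secrets "$1" || return $?
    git -C "$1" add -A
}

# Constructed workspace; the fake token is the README's own test string.
demo() {
    ws=$(mktemp -d) || return 2
    mkdir -p "$ws/skills" "$ws/.git"
    echo "notes only" > "$ws/USER.md"
    echo "AKIAABCDEFGHIJKLMNOP" > "$ws/.git/stale"   # excluded directory
    clean=0; scan_for_secrets "$ws" 2>/dev/null || clean=$?
    echo "My API key is ghp_test1234567890abcdefghijklmnopqrstuvwxyz" \
        > "$ws/skills/notes.md"
    dirty=0; stage_backup "$ws" 2>/dev/null || dirty=$?
    rm -rf "$ws"
    echo "$clean $dirty"
}
```

Loose prefixes such as sk- will also match ordinary hyphenated text, so expect some aborts that need a manual look.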

Publishing to ClawHub

The CI runs on every push and pull request:

  1. ShellCheck - Lints bash scripts
  2. Integration test - Verifies backup/restore works

To publish a new version:

git add -A
git commit -m "Release v1.0.x"
git tag v1.0.x
git push origin master --tags

CI will automatically:

  • Run tests
  • If tests pass and tag starts with v*, publish to ClawHub
Usage Guidance
What to consider before installing or running ClawSync:

  • The core scripts (sync.sh, restore.sh) appear to implement a reasonable backup/restore to GitHub and explicitly exclude known sensitive files and scan for secrets. Using a fine-grained GitHub PAT limited to a single repo (contents: write) is recommended.
  • Do NOT run restore.sh or sync.sh in your real workspace without inspection first. Instead: clone the skill to a safe location and run it against a temporary test workspace and a test GitHub repo to confirm behavior.
  • Inspect and sanitize the bundled text files (especially AGENTS.md, SOUL.md, README.md, SITES.md). AGENTS.md contains agent-runtime instructions (e.g., read memory files, 'Don't ask permission. Just do it.', commit/push autonomously) that could cause an agent to read sensitive context or act autonomously if those files are restored into a live agent workspace.
  • Remove or edit any persona/agent guidance files before restoring to production, and verify MEMORY.md and SITES.md are excluded (scripts already exclude them, but double-check). SITES.md in the bundle contains documented keys which should not be stored in backups.
  • Investigate the unicode control characters flagged in SKILL.md (use cat -v, hexdump -C, or similar) and remove them; treat that as a red flag until explained by the publisher.
  • Prefer using gh CLI auth over embedding tokens; if you must use a PAT, rotate it after testing and give it minimal scope.

If you want, I can point out exact lines with hidden characters, summarize which files contain agent-behavior directives to remove, or produce a safe checklist to run this skill in a disposable environment first.
Capability Analysis
Type: OpenClaw Skill
Name: clawsync
Version: 1.0.6

This skill bundle is designed with a strong emphasis on security and privacy. The `sync.sh` and `restore.sh` scripts implement multi-layered protections, including explicit whitelisting for backed-up files, comprehensive denylisting of sensitive files (e.g., `SITES.md`, `MEMORY.md`, `.env`, `credentials`), robust secret detection that aborts operations before data leaves the local system, and secure GitHub authentication methods (gh CLI or git credential helper) to prevent token exposure. Furthermore, the `SKILL.md`, `AGENTS.md`, and `SOUL.md` files contain clear instructions for the AI agent to prioritize security, avoid data exfiltration, and seek confirmation for external actions, demonstrating a consistent security-first approach throughout the skill's design.
Capability Assessment
Purpose & Capability
Name/description match the requested env vars (GITHUB_TOKEN, BACKUP_REPO, OPENCLAW_WORKSPACE) and the included scripts implement backup/restore to GitHub. That is proportionate. However, the package also contains agent identity/persona files (AGENTS.md, SOUL.md, etc.) that instruct agents to read memory files and to 'commit and push your own changes' — behaviour outside a simple backup/restore feature and potentially able to alter an agent's runtime behavior once restored.
Instruction Scope
SKILL.md and the shell scripts themselves are limited to copying whitelisted files, excluding sensitive files, scanning for secrets, and pushing to GitHub — all within the stated purpose. But AGENTS.md contains explicit runtime instructions for an assistant (e.g., read memory files, 'Don't ask permission. Just do it.', commit and push changes) that could cause an agent to read or transmit sensitive context or act autonomously after restoration. Additionally, SKILL.md contains unicode control characters (prompt-injection signal), which is suspicious and should be inspected/removed.
Install Mechanism
No install spec; this is instruction/code-only and uses plain shell scripts. Nothing is downloaded from arbitrary URLs or installed from untrusted registries. Risk from install mechanism itself is low.
Credentials
Requested env vars are exactly those needed for the described GitHub backup/restore workflow. The scripts use GITHUB_TOKEN carefully (credential helper or gh CLI) and avoid exposing the token on the command line. No unrelated credentials or broad access requests are present.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. However, because it restores identity and agent-behavior files (AGENTS.md, SOUL.md, MEMORY-related guidance) into the workspace, restoring this repo could change how an agent operates (including instructions to act without asking). That persistence of behavioral directives is a notable risk vector and should be treated cautiously.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawsync
  3. After installation, invoke the skill by name or use /clawsync
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.6
ClawSync 1.0.6

  • Improved secret detection: now scans for secrets in backup directories before git add, catching non-staged secrets.
  • Added a dedicated Security Audit Test example in docs to verify pre-staging secret detection.
  • Updated documentation to clarify secret handling and expected script behavior.
  • Minor changes in SITES.md, SKILL.md, sync.sh, and restore.sh for clearer communication and reproducible local testing.
v1.0.5
Expanded secret scanning and improved security documentation.

  • Enhanced SKILL.md with detailed security warnings and list of secret patterns detected
  • Clarified files that are backed up vs. excluded, with specific rationale for each
  • Added section on using fine-grained GitHub PATs for recommended security
  • Provided new example/test for secret detection before backup
  • Documented that secret scan now covers 100+ patterns and aborts on detection
v1.0.2
Changelog v1.0.2 – Major improvements and new safety features

  • Added validation for required environment variables before running.
  • Expanded backed-up identity files: now includes AGENTS.md, SOUL.md, USER.md, MEMORY.md, TOOLS.md, IDENTITY.md, SITES.md, and HEARTBEAT.md.
  • Introduced strict file whitelisting and a deny list, filtering out .git, credentials, and node_modules folders.
  • Implemented secret scrubbing to prevent accidental backup of API keys.
  • Enhanced restore script with safe confirmation and --force option.
  • Added development documentation and integration tests for easier local testing.
v1.0.0
Initial release of the ClawBack skill.

  • Backup and restore your OpenClaw workspace to GitHub.
  • Backs up skills, scripts, and key identity files; excludes secrets and sensitive files.
  • Requires setup of GITHUB_TOKEN and other environment variables.
  • Includes straightforward backup (sync.sh) and restore (restore.sh) scripts.
  • Ignores secret files and credentials with a pre-configured .gitignore.
  • Supports authentication using the gh CLI or personal access token.
Metadata
Slug clawsync
Version 1.0.6
License
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Clawsync?

Backup and restore your OpenClaw workspace to GitHub. It is an AI Agent Skill for Claude Code / OpenClaw, with 496 downloads so far.

How do I install Clawsync?

Run "/install clawsync" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Clawsync free?

Yes, Clawsync is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Clawsync support?

Clawsync is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Clawsync?

It is built and maintained by nickconstantinou (@nickconstantinou); the current version is v1.0.6.
