← Back to Skills Marketplace
Git Sync
by
LookUpMark
· GitHub ↗
· v1.3.0
· MIT-0
140
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install lookupmark-git-sync
Description
Manage whitelisted git repositories from chat. Status, log, diff, pull, push with security controls — only approved repos, write commands need confirmation....
README (SKILL.md)
Git Sync
Secure git repository management for whitelisted repos.
Usage
# Status of all repos
python3 scripts/git_ctrl.py all
# Status of specific repo
python3 scripts/git_ctrl.py status thesis
python3 scripts/git_ctrl.py status polito
# Recent commits
python3 scripts/git_ctrl.py log thesis -n 20
# Unstaged changes
python3 scripts/git_ctrl.py diff thesis
# Branches
python3 scripts/git_ctrl.py branch thesis
# Fetch (read-only, safe)
python3 scripts/git_ctrl.py fetch thesis
# Pull (requires confirmation)
python3 scripts/git_ctrl.py pull thesis --confirm
# Push (requires confirmation)
python3 scripts/git_ctrl.py push thesis --confirm
Allowed Repos
| Name | Path |
|---|---|
thesis |
~/Documenti/github/thesis |
polito |
~/Documenti/github/polito |
Security
- Whitelist: Only
thesisandpolitorepos are accessible - Read-only by default:
status,log,diff,branch,fetchrun freely - Write requires
--confirm:pull,push,merge,checkoutneed explicit confirmation - Blocked commands:
clean,reset --hard,push --forceare never allowed - No secrets: Output does not expose git credentials or tokens
Usage Guidance
This skill appears coherent and minimal, but review these before installing:
- Confirm the whitelist (DEFAULT_REPOS and ~/.config/git-sync/repos.json) are correct; the script will operate on any path equal to or contained under a whitelisted repo path.
- Be aware outputs include raw git stdout/stderr; avoid configuring remotes that embed tokens in URLs and don't assume error messages can't leak sensitive info.
- Test locally from the command line first (the repository paths in the script are user-local and may not exist) and verify the --confirm behavior for pull/push works as you expect.
- Note small doc/implementation mismatches (some advertised commands aren't implemented); if you rely on those, request clarification from the author.
- If you need higher assurance, inspect the repo config file (~/.config/git-sync/repos.json) and the script in your environment to ensure paths and behavior match your security posture.
Capability Analysis
Type: OpenClaw Skill
Name: lookupmark-git-sync
Version: 1.3.0
The skill bundle provides a secure wrapper for git operations on a whitelisted set of repositories. The Python script `scripts/git_ctrl.py` implements strict path validation, enforces a confirmation flag for write operations (pull/push), and uses safe subprocess execution to prevent shell injection. No indicators of data exfiltration, persistence, or malicious prompt injection were found.
Capability Assessment
Purpose & Capability
Name/description describe whitelisted repo management and the package contains a local Python script that runs git commands against a small set of configured repo paths. There are no unexpected environment variables, binaries, or installs required.
Instruction Scope
SKILL.md and the script confine operations to whitelisted repo paths (or subpaths) and require --confirm for write actions. Caveats: SKILL.md claims the output 'does not expose git credentials or tokens' — the script prints git stdout/stderr unchanged, so if a remote URL or git error contains credentials they could appear in output. Also SKILL.md advertises commands like 'show' and 'remote' but the main() implementation does not handle those explicitly; they will not run as expected.
Install Mechanism
Instruction-only skill with no install spec. The included script is executed directly; no external code is downloaded or installed.
Credentials
No environment variables or secrets are requested by the skill. It uses the system git configuration (SSH keys or HTTPS credentials) implicitly when performing push/pull, which is expected for a git wrapper.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide agent settings. It reads a per-user config path (~/.config/git-sync/repos.json) and local repo directories only.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install lookupmark-git-sync - After installation, invoke the skill by name or use
/lookupmark-git-sync - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
Removed ghost commands from WRITE_COMMANDS
v1.2.0
Declared git CLI dependency. Documented config file in SKILL.md.
v1.1.0
Config-based repos. Auto stash before pull. Stash count in status. Combined git commands.
v1.0.0
Initial release. Status, log, diff, branch, pull, push. Repo whitelist. Write commands require --confirm.
Metadata
Frequently Asked Questions
What is Git Sync?
Manage whitelisted git repositories from chat. Status, log, diff, pull, push with security controls — only approved repos, write commands need confirmation.... It is an AI Agent Skill for Claude Code / OpenClaw, with 140 downloads so far.
How do I install Git Sync?
Run "/install lookupmark-git-sync" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Git Sync free?
Yes, Git Sync is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Git Sync support?
Git Sync is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Git Sync?
It is built and maintained by LookUpMark (@lookupmark); the current version is v1.3.0.
More Skills