← Back to Skills Marketplace
blueraincoatli

Persona Sync

by Hongyu Li · GitHub ↗ · v1.1.3 · MIT-0
cross-platform ⚠ suspicious
118
Downloads
0
Stars
0
Active Installs
8
Versions
Install in OpenClaw
/install persona-sync
Description
在多个设备间通过 GitHub 私有仓库同步 AI 伙伴人格文件,确保记忆与个性不丢失。
Usage Guidance
This skill largely does what it says — it syncs persona files to a GitHub private repo using a small Python script — but there are important surprises you should consider before installing: - Dependency mismatch: The registry metadata claims no required binaries, but the script requires git and python3. Ensure those are present and trusted. - Global git config change: The script runs `git config --global credential.helper store`, which permanently changes your global Git behavior (it makes Git store credentials in ~/.git-credentials). That affects all repositories on the machine. - Plaintext credential storage: Using 'store' writes credentials to ~/.git-credentials (plaintext). The SKILL.md/SPEC.md claim 0600 permissions and 'secure storage', but the script does not set or verify permissions on ~/.git-credentials. Consider whether you accept storing a PAT in plaintext on this machine. - Alternatives to consider: use a repo-specific approach (SSH deploy keys or a local-only credential helper), use a PAT with minimal scope, enable 2FA, or run the sync inside a restricted environment (container or dedicated user account) to limit exposure. - What to check if you want to proceed: review scripts/sync.py yourself, confirm you are comfortable with git --global changes, manually run init to see what gets written, and after first run verify permissions of ~/.git-credentials and whether git config --global was changed. Because of the global config/credential storage side effects and the metadata inconsistencies, treat this skill as suspicious until you verify those behaviors and accept the risks.
Capability Analysis
Type: OpenClaw Skill Name: persona-sync Version: 1.1.3 The skill manages sensitive GitHub Personal Access Tokens (PATs) and modifies global system configuration by enabling the 'git credential helper store' in `scripts/sync.py`, which saves credentials in plain text on the filesystem. While the behavior is aligned with the stated purpose of syncing persona data, the use of global configuration changes and the handling of authentication tokens represent significant security risks. Additionally, `SKILL.md` contains a defensive 'Security Note' section specifically designed to preemptively dismiss automated security flags.
Capability Assessment
Purpose & Capability
The skill claims to be an instruction-only persona sync helper, which fits the included sync.py, but the registry metadata lists no required binaries/envs while the code clearly depends on git and python3 (and optionally reads PERSONA_STORE_DIR). The missing declared dependencies is an incoherence a user should know about.
Instruction Scope
SKILL.md and SPEC.md describe local-only behavior and claim the token is never embedded in configs or logs. The script does read a local .gitauth, perform local git operations (init/fetch/pull/push), and write local files (memory.jsonl, state.json, sync.log). However the script also changes the user's global git credential helper (git config --global credential.helper store) and relies on git's credential store (~/.git-credentials), which is a cross-cutting system change outside the persona-store and is not obvious from the high-level guide.
Install Mechanism
No remote install or downloaded code is executed; this is an instruction/script bundle (no install spec). The code is local and uses subprocess calls to git — low installation risk, but runtime side-effects still matter.
Credentials
The skill requests no env vars in registry metadata, yet the script supports PERSONA_STORE_DIR and requires git to function and expects a GitHub PAT in a local .gitauth file. It will cause the PAT to be stored by git's credential helper in ~/.git-credentials (global), which the SKILL.md asserts will be mode 0600 but the script does not enforce or set file permissions for that file. Asking users to place a PAT in a local file and then changing global git behavior is disproportionate to what the metadata advertised.
Persistence & Privilege
The skill does not run automatically and always:false is correct, but it modifies global git configuration (credential.helper = store) which persists beyond the persona-store and affects all git operations on the host. This persistent side-effect is not clearly called out in the metadata and increases blast radius for credential exposure.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install persona-sync
  3. After installation, invoke the skill by name or use /persona-sync
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.3
Restructure bilingual format: full English section followed by full Chinese section for readability
v1.1.2
Bilingual (EN/CN) SPEC.md
v1.1.1
Add bilingual (English + Chinese) SKILL.md with full security explanation
v1.1.0
Restore Python and bash sync scripts with secure credential handling via git credential helper
v1.0.3
Add detailed security explanation for non-technical users
v1.0.2
- Enhanced documentation in SKILL.md with comprehensive setup, configuration, and security instructions. - Added detailed step-by-step workflow for syncing persona files across devices. - Included best practices for secure GitHub PAT management and file safety. - Clarified which files to sync and emphasized user control over synchronized data.
v1.0.1
Security fix: use git credential helper instead of embedding tokens in URLs; fix docs mismatch between SPEC.md and actual credential handling
v1.0.0
Persona Sync 1.0.0 – 初始发布 - 实现 AI 人格数据的跨设备同步、迁移与备份 - 基于 Git 私有仓库作为存储后端,保障数据隐私与可靠性 - 提供 Python 跨平台同步脚本,支持 Windows/Linux/macOS - 支持增量同步和自动冲突处理,确保多设备数据一致 - 定义核心人格结构文件:SOUL.md、IDENTITY.md、MEMORY.md、memory.jsonl
Metadata
Slug persona-sync
Version 1.1.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 8
Frequently Asked Questions

What is Persona Sync?

在多个设备间通过 GitHub 私有仓库同步 AI 伙伴人格文件,确保记忆与个性不丢失。 It is an AI Agent Skill for Claude Code / OpenClaw, with 118 downloads so far.

How do I install Persona Sync?

Run "/install persona-sync" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Persona Sync free?

Yes, Persona Sync is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Persona Sync support?

Persona Sync is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Persona Sync?

It is built and maintained by Hongyu Li (@blueraincoatli); the current version is v1.1.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments