← Back to Skills Marketplace
linsheng9731

clawsync

by linsheng9731 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
231
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install clawgitsync
Description
Git-first backup, migration, restore, and token-protected archive serving for OpenClaw state. Highlights: complete Git-native workflow (`git init/push/pull/m...
README (SKILL.md)

clawsync Skill

clawsync provides backup/migration workflows for OpenClaw with Git-native sync and safer restore behavior.

Install

One-click install (GitHub Releases)

curl -fsSL "https://raw.githubusercontent.com/linsheng9731/clawsync/main/scripts/install.sh" | CLAWSYNC_GH_REPO="linsheng9731/clawsync" bash

Install a specific version:

curl -fsSL "https://raw.githubusercontent.com/linsheng9731/clawsync/main/scripts/install.sh" | CLAWSYNC_GH_REPO="linsheng9731/clawsync" bash -s -- v0.1.8

Default install path: ~/.local/bin/clawsync (override with CLAWSYNC_INSTALL_DIR). Ensure this path is in your PATH.

Local development install

npm install
npm run build
npm link
clawsync --help

Feature Highlights

  • More complete Git-native workflow: first-class clawsync git init, push, pull, and merge commands for branch-based backup and restore.
  • Fine-grained backup scope control: supports --include, --exclude, --ignore-paths, and --workspace-include-globs to precisely control what is archived.
  • Built-in sensitive data sanitization pipeline: supports placeholder replacement for secrets and env recovery script guidance after restore.
  • Richer restore strategies: supports overwrite, skip, and local-first merge with safety defaults (--dry-run, pre-restore snapshot, gateway token preservation).

When To Use

Use this skill when user asks to:

  • back up OpenClaw state to Git or local archive
  • migrate OpenClaw data to another machine
  • restore from archive or Git branch
  • run periodic backups
  • prune old remote backup branches (e.g. keep last 30 days)
  • expose backup archives via local HTTP service

Core Commands

1) Local full migration archive (recommended for machine migration)

clawsync profile full-migrate --dry-run
clawsync profile full-migrate

Default output: ~/.openclaw/migrations Default behavior: workspace/ is collected in full for migration.

2) Git-based sync

clawsync git init --repo-url \x3Cgit-url> --repo-dir ~/.clawsync-repo
clawsync push --repo-dir ~/.clawsync-repo
clawsync pull --repo-dir ~/.clawsync-repo --branch \x3Cbranch> --dry-run
clawsync pull --repo-dir ~/.clawsync-repo --branch \x3Cbranch> --yes
clawsync git prune-branches --repo-dir ~/.clawsync-repo --keep-days 30 --dry-run

3) Restore from local archive

clawsync unpack --from /path/to/archive.tar.gz --dry-run
clawsync unpack --from /path/to/archive.tar.gz --yes

4) Token-protected archive server

clawsync serve --token "\x3Csecret>" --port 7373

Endpoints:

  • GET /health (no token)
  • GET / (simple web UI, token required)
  • GET /archives (token required)
  • GET /download/\x3Cfilename> (token required)
  • POST /upload (token required)
  • POST /backup (localhost-only)
  • POST /restore/\x3Cfilename>?dry_run=1|confirm=1 (localhost-only)

Restore Safety Model

For unpack / pull / merge, the CLI defaults to:

  • high-risk restore confirmation (unless --yes)
  • pre-restore snapshot in /tmp (unless --no-pre-snapshot)
  • preserve local gateway.auth.token (unless --overwrite-gateway-token)
  • check missing env vars and print source env-export.sh when needed

Agent Execution Checklist

When executing restore/migration for users:

  1. Always run --dry-run first.
  2. Show user high-risk paths summary before apply.
  3. Apply with --yes only after explicit confirmation.
  4. If env vars are missing after restore, ask user to run printed source command.
  5. If env vars are already loaded, report gateway status and reconnect reminders.

Security Notes

  • Archives may contain sensitive data (openclaw.json, credentials, sessions).
  • Keep remotes private.
  • Treat serve --token as sensitive; do not share token publicly.
  • Do not expose serve endpoint directly to public internet without TLS/reverse proxy.
Usage Guidance
This skill appears to do what it says (Git-based backup, restore, and local archive serving). Before installing: inspect the install script instead of blindly running curl | bash; prefer installing from a pinned release you review. If you run the serve endpoint, host it behind TLS/reverse proxy and keep the token secret. Review any crontab entries the tool creates. Because this package is instruction-only (no code shipped here), you can't audit the actual runtime code from the registry entry — treat the remote installer and runtime binary as unverified code and consider testing in an isolated environment or reviewing the GitHub repository and release artifacts before trusting production data.
Capability Analysis
Type: OpenClaw Skill Name: clawgitsync Version: 1.0.0 The skill provides backup and migration utilities for OpenClaw state, including a Git-native workflow and a token-protected HTTP server for archives. It is classified as suspicious due to high-risk patterns: it promotes a 'curl | bash' installation method from a third-party GitHub repository (linsheng9731/clawsync), requests 'high' trust permissions, and implements a network listener ('clawsync serve') that exposes sensitive data like credentials and session tokens from ~/.openclaw. While these features are plausibly related to its stated purpose, the combination of broad file access, network exposure of secrets, and unverified remote installation scripts significantly increases the attack surface.
Capability Assessment
Purpose & Capability
Name/description (Git-based backup, restore, token-protected serving) align with required binaries (git, tar, node, crontab) and the documented commands (git init/push/pull, archive/unpack, serve). Declared read/write permissions for ~/.openclaw and ~/.clawsync-repo match the stated purpose.
Instruction Scope
SKILL.md stays on-topic: it tells the agent how to create archives, push/pull with git, unpack/restore, run dry-runs, and serve archives behind a token. It explicitly warns about sensitive data and recommends confirmation steps. It does include network-serving commands (serve --token) and endpoints; serving archives is expected for the stated purpose but increases attack surface and requires careful token handling.
Install Mechanism
Although the skill is instruction-only, the README presents a one-click installer that pipes a script from raw.githubusercontent.com to bash (curl | bash). That pattern executes remote code on install and cannot be audited by the platform. The host is a common release location, but piping unreviewed remote scripts is high risk and worth flagging.
Credentials
The skill does not request unrelated environment variables or secrets. It documents use of a serve token but does not demand any platform credentials. Required binaries and filesystem access (home OpenClaw paths) are proportional to its functionality.
Persistence & Privilege
always:false (normal). The skill's metadata indicates it may listen on the network and read/write OpenClaw directories — appropriate for a local archive server and scheduled backups (crontab). Because network listening increases exposure, users should ensure tokens and firewall/TLS/reverse-proxy controls are used as recommended.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawgitsync
  3. After installation, invoke the skill by name or use /clawgitsync
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of clawsync skill: Git-first backup, migration, restore, and secure archive serving for OpenClaw state. - Provides branch-based Git-native backup and restore workflow (`init`, `push`, `pull`, `merge`, `prune-branches`) - Supports fine-grained backup scope with customizable include/exclude paths and secret sanitization - Enables richer restore strategies (`overwrite`, `skip`, `merge`) with built-in safety checks and snapshotting - Offers one-click install, periodic backup, remote branch pruning, and local token-protected archive server - Security-focused: token-auth, sensitive data handling, restore confirmations, and guidance for safe operation
Metadata
Slug clawgitsync
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is clawsync?

Git-first backup, migration, restore, and token-protected archive serving for OpenClaw state. Highlights: complete Git-native workflow (`git init/push/pull/m... It is an AI Agent Skill for Claude Code / OpenClaw, with 231 downloads so far.

How do I install clawsync?

Run "/install clawgitsync" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is clawsync free?

Yes, clawsync is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does clawsync support?

clawsync is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created clawsync?

It is built and maintained by linsheng9731 (@linsheng9731); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments