← Back to Skills Marketplace
358
Downloads
0
Stars
4
Active Installs
1
Versions
Install in OpenClaw
/install github-push
Description
Secure GitHub push automation with auto SSH and remote config. Use when git push, automated push, or conflict handling needed.
README (SKILL.md)
GitHub Push - Secure Auto-Push Tool
Automated GitHub push with:
- Auto SSH Config: Auto-detect and load SSH keys
- Auto Remote Config: Auto-add git remote origin
- Auto Conflict Resolution: Auto pull + rebase + force
- Anti-Ban Mechanism: Rate limiting + commit batching + smart validation
Installation
No external dependencies required. Uses standard Git CLI (always available).
Usage Examples
# Quick push (auto-configures everything)
python3 scripts/github_upload.py --repo owner/repo --path ./files --message "Update"
# Dry run test (no actual push)
python3 scripts/github_upload.py --repo owner/repo --path ./files --dry-run
# Force push (auto-resolves conflicts)
python3 scripts/github_upload.py --repo owner/repo --path ./files --force
# Show version info
python3 scripts/github_upload.py --version
Configuration
Create config.yaml for persistent settings:
defaults:
safe_mode: true
min_delay: 3 # seconds between operations
max_delay: 5 # seconds between operations
batch_commits: true
enable_validation: true
dry_run: false
safety:
max_commits_per_hour: 100
max_pushes_per_hour: 50
min_time_between_pushes: 180 # 3 minutes cooldown
Safety Thresholds
| Metric | Default | Description |
|---|---|---|
| Delay between ops | 3-5s | Randomized delay |
| Push cooldown | 180s | Min time between pushes |
| Max pushes/hour | 50 | Anti-spam limit |
| Max commits/hour | 100 | Anti-automation limit |
Troubleshooting
Error: "Too frequent pushes"
Solution: Wait at least 3 minutes before next push.
Error: "Repository not found"
Solution: Check repository exists and you have push access. Verify SSH key is added to GitHub.
Error: "Permission denied (publickey)"
Solution:
# Load SSH key
ssh-add ~/.ssh/id_ed25519
# Verify SSH connection
ssh -T [email protected]
Error: "Merge conflict"
Solution: The script handles this automatically with pull + rebase + force. Check repository state if issue persists.
Error: "Validation failed"
Solution:
- Check path exists and is accessible
- Verify files don't exceed 100MB (GitHub limit)
- Check for suspicious patterns (e.g., .env, id_rsa)
When Not to Use
- Just viewing GitHub content
- Creating issues or PRs
- Code review
References
references/- Detailed config and API docsscripts/- Full code examples
MIT License - OpenClaw Skill Standard
Usage Guidance
This skill does perform the task it advertises but has surprising and risky behavior. Before installing or running it: 1) Inspect the full scripts (especially github_upload.py) to confirm you accept the logic that deletes .git and performs forced pushes. 2) Never run on a production or important repository without a backup—create a copy of the repo first. 3) Prefer running with --dry-run and test in an isolated container or VM. 4) If you need automatic repository creation on GitHub, require a documented GitHub API/token flow—otherwise the "auto-create repo" claim is misleading. 5) If you cannot audit the code, avoid giving it access to your real SSH keys or run it with a throwaway key/account. If you want, I can list the exact code locations (functions/lines) that delete .git, call ssh-add, and perform force-push so you can review them directly.
Capability Analysis
Type: OpenClaw Skill
Name: github-push
Version: 0.1.0
The skill bundle provides automated GitHub push capabilities but includes high-risk, destructive behaviors in `scripts/github_upload.py`. Specifically, the `_init_repo` function unconditionally deletes any existing `.git` directory using `shutil.rmtree` to 're-initialize' the repository, which causes irreversible loss of local git history and metadata. Additionally, the script automatically scans the user's home directory for private SSH keys (`id_rsa`, `id_ed25519`) and attempts to load them into the SSH agent. While these features are documented as 'smart' automation and the script includes a robust list of sensitive file exclusions to prevent accidental secret exfiltration, the combination of destructive file operations and automated credential handling is overly aggressive and poses a risk to user data integrity.
Capability Assessment
Purpose & Capability
The skill's stated goal—automating secure GitHub pushes—generally matches the included code (git commands, ssh-add, remote handling). However there are mismatches: the code claims to "auto-create repo" yet contains no GitHub API calls or credential requirements to create repositories remotely. Also the code re-initializes repositories (removes .git) which is not an expected or benign action for a "safe" push tool and can destroy history.
Instruction Scope
Runtime instructions and the script direct the agent to inspect and modify user SSH state (~/.ssh, ssh-add), manipulate git metadata (init, remove .git), stage/commit/force-push, and auto-resolve conflicts by rebasing and forcing. These go beyond merely calling 'git push' and include destructive operations (deleting .git) and powerful actions (git push -f) that can alter or erase repository history without an explicit, well-scoped user confirmation.
Install Mechanism
No external install mechanism is declared and the skill is delivered as source files (script present). That lowers supply-chain download risk. However this also means the code will run locally with whatever privileges the agent or user grants, so inspect the scripts before running.
Credentials
The skill requests no environment variables, which is consistent with it relying on SSH-based auth. It nevertheless auto-inspects and attempts to load keys from ~/.ssh and invokes 'ssh-add', which accesses private keys and the user's ssh-agent: reasonable for pushing via SSH but sensitive. The lack of any GitHub token or API credential is inconsistent with the claim to auto-create remote repositories.
Persistence & Privilege
always:false (good). However the skill performs filesystem operations with significant side effects (deleting the .git directory, re-initializing repos, force-pushing). Those are persistent, privileged modifications to a user's repository and could cause data loss. The skill does not appear to modify other skills or agent configs, but its file-system actions are high-impact.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install github-push - After installation, invoke the skill by name or use
/github-push - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
GitHub Push v0.1.0
- Initial release of secure GitHub push automation tool.
- Features auto SSH key detection, remote config, and conflict handling (auto pull + rebase + force).
- Implements anti-ban protections: rate limiting, push cooldown, and batching.
- Supports easy configuration via config.yaml for safety thresholds and defaults.
- Includes troubleshooting tips for common errors.
Metadata
Frequently Asked Questions
What is Github Push?
Secure GitHub push automation with auto SSH and remote config. Use when git push, automated push, or conflict handling needed. It is an AI Agent Skill for Claude Code / OpenClaw, with 358 downloads so far.
How do I install Github Push?
Run "/install github-push" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Github Push free?
Yes, Github Push is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Github Push support?
Github Push is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Github Push?
It is built and maintained by Nima Chu (@nimachu); the current version is v0.1.0.
More Skills