← Back to Skills Marketplace
385
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install git-backup-publish
Description
Backup OpenClaw workspace files (docs, memory, skills) to a private Git repo (Gitee/GitHub/GitLab) for data safety and migration.
README (SKILL.md)
Git Backup
Backup OpenClaw agent workspace to Git repository for data safety and migration capability.
Author: 徐琛 ([email protected])
License: Apache 2.0
⚠️ 使用前必读
使用此技能前,你需要准备:
| 信息 | 如何获取 |
|---|---|
| Git 平台 Token | Gitee: https://gitee.com/profile/personal_access_tokens\x3Cbr>GitHub: https://github.com/settings/tokens\x3Cbr>GitLab: https://gitlab.com/-/profile/personal_access_tokens |
| Git 用户名 | 你的 Git 平台用户名 |
| Agent 名称 | 你的 agent 标识符(用于仓库命名) |
Token 权限要求:
projects/repo- 创建和管理仓库user_info/read:user- 读取用户信息
Quick Start
1. 创建仓库
# Gitee
curl -X POST "https://gitee.com/api/v5/user/repos" \
-H "Content-Type: application/json" \
-d '{
"access_token": "YOUR_TOKEN",
"name": "openclaw-agent-YOUR_AGENT_NAME",
"description": "OpenClaw Agent Backup",
"private": true,
"auto_init": true
}'
# GitHub (使用 gh cli)
gh repo create openclaw-agent-YOUR_AGENT_NAME --private --description "OpenClaw Agent Backup"
2. 执行备份
export GITEE_TOKEN="your_token_here"
export GITEE_REPO="https://gitee.com/YOUR_USERNAME/openclaw-agent-YOUR_AGENT_NAME.git"
export AGENT_NAME="your_agent_name"
./scripts/backup-to-gitee.sh "Backup message"
3. 配置自动备份(可选)
在你的 HEARTBEAT.md 中添加:
### 文件变更检测与备份
- 检查核心文件变更时自动备份
- 脚本: /path/to/git-backup/scripts/watch-and-backup.sh
备份内容
| 类型 | 文件 |
|---|---|
| 核心文档 | AGENTS.md, SOUL.md, IDENTITY.md, USER.md, MEMORY.md, TOOLS.md, HEARTBEAT.md |
| 记忆 | memory/ 目录 |
| 技能 | skills/ 目录 |
不备份: 数据库、任务脚本、临时文件、.env、密钥等
脚本说明
| 脚本 | 用途 |
|---|---|
setup-gitee.sh |
初始化配置(创建仓库、保存配置) |
backup-to-gitee.sh |
执行备份 |
create-repo.sh |
快速创建仓库工具 |
watch-and-backup.sh |
文件变更监控(用于心跳检测) |
环境变量
| 变量 | 必需 | 说明 |
|---|---|---|
GITEE_TOKEN |
是 | Git 平台的 Personal Access Token |
GITEE_REPO |
是 | 仓库 URL |
AGENT_NAME |
是 | Agent 标识符 |
WORKSPACE_DIR |
否 | 工作区路径,默认 ~/.openclaw/workspace |
安全提示
- 不要将 Token 提交到公开仓库
- 使用环境变量或配置文件存储敏感信息
- 定期轮换 Token
- 使用私有仓库备份敏感数据
支持的平台
- ✅ Gitee(默认)
- ✅ GitHub(修改 API 端点即可)
- ✅ GitLab(修改 API 端点即可)
- ✅ 自建 Git 服务器
Usage Guidance
This skill appears to do what it says (backup selected OpenClaw workspace files to a git repo), but there are important cautions: (1) registry metadata incorrectly omits required environment variables—expect to provide a personal access token (GITEE_TOKEN), repo URL (GITEE_REPO), and AGENT_NAME before use; (2) the scripts embed tokens into HTTPS URLs for git clone/push which can expose tokens (process lists, git config) — prefer using git credential helpers, deploy keys, or configuring remotes without embedding tokens; (3) avoid placing tokens inline in cron entries or plaintext files; instead export them from a secure source or use a credential manager; (4) review the scripts yourself (they are plain shell) and test in an isolated account/repo with minimal token scopes (only repo/project create/push as needed) and rotate the token afterward. If you need, ask for a version that uses SSH deploy keys or a credential helper instead of embedding tokens in URLs, and request the registry metadata be corrected to list the required env vars/primary credential.
Capability Analysis
Type: OpenClaw Skill
Name: git-backup-publish
Version: 1.0.0
The skill provides legitimate workspace backup functionality to Git platforms but contains security vulnerabilities and high-risk patterns. Specifically, `create-repo.sh` and `setup-gitee.sh` are vulnerable to JSON injection because they concatenate shell variables directly into `curl` POST data without sanitization. Additionally, `backup-to-gitee.sh` constructs an authenticated Git URL by embedding the `GITEE_TOKEN` directly into the string, a practice that can leak sensitive credentials through process lists or logs. While the script includes a `.gitignore` to prevent backing up some secrets, the combination of broad file access and unhardened credential handling warrants a suspicious classification.
Capability Assessment
Purpose & Capability
Name/description and the included scripts (create-repo, setup, backup, watcher) are coherent: they create a repo and push selected workspace files. However the registry metadata declared no required environment variables or primary credential while the SKILL.md and scripts clearly require GITEE_TOKEN, GITEE_REPO, and AGENT_NAME. That mismatch is unexplained and worth caution.
Instruction Scope
SKILL.md and scripts limit backups to specific files/dirs and explicitly exclude .env/keys, which is good. But instructions/examples encourage practices that risk credential exposure: embedding personal access tokens into HTTPS clone URLs (AUTH_REPO), and showing an example cron entry that includes GITEE_TOKEN inline. The watcher/daemon and scripts write logs and PID/state files to /tmp and the workspace; they also run network calls to Git hosting APIs. These behaviors are within the backup purpose but include concrete steps that can leak secrets if used as-is.
Install Mechanism
Instruction-only skill with shell scripts; no install spec or external downloads. This has lower install-time risk because nothing is automatically fetched from arbitrary URLs. The included scripts are plain shell and self-contained.
Credentials
The skill requires a personal access token with repo/projects scope, but the registry metadata lists no required env vars or primary credential—an inconsistency. The number and type of secrets requested (GITEE_TOKEN/GITEE_REPO/AGENT_NAME) are reasonable for a backup skill, but how the token is used (embedded in URLs, suggested inline in cron) increases exposure risk beyond what is necessary.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It provides a watcher/daemon and cron examples for persistent backups, which is reasonable for the function. It does not attempt to modify other skills or system-wide agent settings in the provided scripts.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install git-backup-publish - After installation, invoke the skill by name or use
/git-backup-publish - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
首次发布:支持 Gitee/GitHub/GitLab 工作区备份
Metadata
Frequently Asked Questions
What is git-backup?
Backup OpenClaw workspace files (docs, memory, skills) to a private Git repo (Gitee/GitHub/GitLab) for data safety and migration. It is an AI Agent Skill for Claude Code / OpenClaw, with 385 downloads so far.
How do I install git-backup?
Run "/install git-backup-publish" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is git-backup free?
Yes, git-backup is completely free (open-source). You can download, install and use it at no cost.
Which platforms does git-backup support?
git-backup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created git-backup?
It is built and maintained by solidexu (@solidexu); the current version is v1.0.0.
More Skills