← Back to Skills Marketplace
Elegant Sync
by
russellfei
· GitHub ↗
· v1.0.4
539
Downloads
0
Stars
1
Active Installs
5
Versions
Install in OpenClaw
/install elegant-sync
Description
优雅安全的 OpenClaw 配置同步工具 - 支持选择性备份、.gitignore 规则、版本控制
README (SKILL.md)
Elegant Sync
优雅安全的 OpenClaw 配置同步工具
功能
- 🏷️ 版本化备份 - 每次同步创建 git tag,可回滚任意版本
- 🔒 安全优先 - 不上传配置文件、密钥、敏感信息
- 📂 .gitignore 支持 - 使用项目 .gitignore 规则选择
- 🎯 选择性同步 - 可选择备份哪些目录
- 💾 灾难恢复 - 自动本地备份,支持一键恢复
- 🌿 多实例独立分支 - 每个设备一个分支,互不干扰
备份结构
mini-claw/
├── main/ # 介绍文档
├── omen16/ # 设备1
├── omen16-2/ # 设备2
└── macbook/ # 设备3
备份内容
| 目录/文件 | 说明 |
|---|---|
| workspace/memory/ | ⭐ 最重要!个人记忆,无价 |
| workspace/AGENTS.md | 代理规范 |
| workspace/IDENTITY.md | 身份信息 |
| workspace/USER.md | 用户信息 |
| workspace/SOUL.md | 灵魂配置 |
| workspace/TOOLS.md | 工具配置 |
| workspace/HEARTBEAT.md | 心跳配置 |
| workspace/skills/ | 自定义技能 |
不备份(安全)
| 目录/文件 | 原因 |
|---|---|
| .env | 含 API 密钥 |
| openclaw.json | 含配置密钥 |
| credentials/ | 凭证信息 |
| .git/ | Git 仓库 |
| logs/ | 日志文件 |
| media/ | 媒体文件 |
配置
1. 配置环境变量
# 在 ~/.openclaw/.backup.env 中配置
BACKUP_REPO=https://github.com/你的用户名/你的仓库名
BACKUP_TOKEN=ghp_xxx
INSTANCE_ID=你的主机名
2. 首次配置提示
运行 /sync 时会自动检测是否已配置,如果没有配置会提示。
多实例管理
当前实例
此机器实例名:opi5b(主机名)
其他实例配置
| 实例 | INSTANCE_ID | 配置示例 |
|---|---|---|
| Orange Pi | opi5b | 默认 |
| Mac | macbook | INSTANCE_ID=macbook |
| VPS | vps-1 | INSTANCE_ID=vps-1 |
恢复流程
场景:新机器或重装系统
1. 安装 OpenClaw
# 在新机器上安装 OpenClaw
2. 克隆备份
git clone https://github.com/你的用户名/你的仓库名
3. 查看分支
cd mini-claw
git branch -a
4. 切换并恢复指定实例
# 例如恢复 omen16
git checkout omen16
cp -r omen16/* ~/.openclaw/workspace/
5. 更新 Instance ID
在新机器的 ~/.openclaw/.backup.env 中更新:
INSTANCE_ID=new-machine-name
6. 验证
node elegant-sync/index.js status
重要原则
Memory 是最宝贵的资产
- 每个实例的 memory 都是无价的
- 备份到私有仓库 (mini-claw)
- 确保无损保留
更新日志
- 2026-02-28 v1.0.1: 修复多实例备份,每个设备独立分支
- 2026-02-28 v1.0.0: 初始版本
Usage Guidance
This skill appears to implement backup-to-git as advertised, but there are several practical risks you should consider before installing: 1) It expects a BACKUP_REPO and BACKUP_TOKEN saved in ~/.openclaw/.backup.env, but the registry metadata does not declare these — verify you are comfortable providing a git token. 2) The code embeds the token into the HTTPS push URL (https://TOKEN@...), which can leak via process lists, git remotes, or logs; prefer using a git credential helper or a deploy token with minimal scopes. 3) The README and SKILL.md claim sensitive files (.env, openclaw.json, credentials/) won't be uploaded, but the code's default ignore list does not include .env, openclaw.json, or credentials/ — unless your workspace .gitignore lists them they may be backed up. Inspect and/or add robust ignore rules before running. 4) The tool does a forced push (--force) to instance branches which can overwrite remote branches; ensure you push to a private backup repo and understand the effects. 5) If you proceed, create a dedicated private repo and a narrowly scoped token (remove repo access after testing), review the index.js source, add explicit ignore entries for all secrets, and run sync with --dry-run first. If you want, I can suggest exact code fixes (add .env/openclaw.json/credentials to ignorePatterns, avoid embedding token in URL, use git credential helper, remove --force) or generate a safer wrapper that uses a credential helper and stricter excludes.
Capability Analysis
Type: OpenClaw Skill
Name: elegant-sync
Version: 1.0.4
The skill bundle is suspicious due to critical vulnerabilities. The `index.js` script is vulnerable to shell injection via unsanitized `BACKUP_TOKEN` and `INSTANCE_ID` values when constructing `git push` commands using `execSync`, potentially leading to remote code execution. Additionally, the script fails to explicitly ignore `.env` and `openclaw.json` files during backup, contradicting security claims in `SKILL.md` and `README.md`, which could lead to unintended exposure of sensitive configuration and API keys if these files exist in the workspace.
Capability Assessment
Purpose & Capability
Name/description match the implementation: the code copies ~/.openclaw/workspace and pushes a per-instance branch/tags to a remote git repo. However the registry metadata declares no required env or credentials while both SKILL.md and index.js expect a BACKUP_REPO and BACKUP_TOKEN stored in ~/.openclaw/.backup.env — this is an inconsistency that should have been declared.
Instruction Scope
SKILL.md and index.js read files under ~/.openclaw (workspace and a .backup.env config file). The tool constructs a repo URL that embeds the BACKUP_TOKEN and runs git init/commit/push (including --force). Although the docs say it won't upload .env/openclaw.json/credentials/, the code's default ignorePatterns do not include .env, openclaw.json or credentials/ — so unless the user's .gitignore contains those, sensitive files may be copied and pushed. The tool also force-pushes branches, which can overwrite remote history.
Install Mechanism
No install script or external downloads; this is an instruction-only skill with an included index.js. No arbitrary remote code is fetched during install.
Credentials
Requesting BACKUP_REPO and BACKUP_TOKEN is proportionate to backing up to a git host. But those credentials were not declared in the registry metadata. The implementation embeds BACKUP_TOKEN in the HTTPS URL used for git push which can leak the token via process listings, shell history, or remote URL storage. The code attempts to mask the token only in error messages, not in other exposures.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and runs only when invoked. It writes temporary staging under ~/.openclaw and a local backup directory, which is expected for a backup tool.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install elegant-sync - After installation, invoke the skill by name or use
/elegant-sync - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
- Internal changes in index.js; no user-facing updates.
- No SKILL.md documentation updates in this version.
v1.0.3
- 更新默认备份仓库地址为用户自有仓库(不再指向 russellfei/mini-claw)
- 支持在环境变量中自定义仓库信息,更灵活地适配不同用户
- 文档恢复流程中相应调整克隆命令和相关指引
- 其他说明文本微调,提升可读性
v1.0.2
- 新增 _meta.json 文件,增加元数据支持
- 更新 index.js,优化或修正功能细节
- 文档保持不变,无功能变更说明
v1.0.1
修复多实例备份,每个设备独立分支
v1.0.0
优雅安全的 OpenClaw 多实例备份工具
Metadata
Frequently Asked Questions
What is Elegant Sync?
优雅安全的 OpenClaw 配置同步工具 - 支持选择性备份、.gitignore 规则、版本控制. It is an AI Agent Skill for Claude Code / OpenClaw, with 539 downloads so far.
How do I install Elegant Sync?
Run "/install elegant-sync" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Elegant Sync free?
Yes, Elegant Sync is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Elegant Sync support?
Elegant Sync is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Elegant Sync?
It is built and maintained by russellfei (@russellfei); the current version is v1.0.4.
More Skills