← 返回 Skills 市场
linsheng9731

clawsync

作者 linsheng9731 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
231
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install clawgitsync
功能描述
Git-first backup, migration, restore, and token-protected archive serving for OpenClaw state. Highlights: complete Git-native workflow (`git init/push/pull/m...
使用说明 (SKILL.md)

clawsync Skill

clawsync provides backup/migration workflows for OpenClaw with Git-native sync and safer restore behavior.

Install

One-click install (GitHub Releases)

curl -fsSL "https://raw.githubusercontent.com/linsheng9731/clawsync/main/scripts/install.sh" | CLAWSYNC_GH_REPO="linsheng9731/clawsync" bash

Install a specific version:

curl -fsSL "https://raw.githubusercontent.com/linsheng9731/clawsync/main/scripts/install.sh" | CLAWSYNC_GH_REPO="linsheng9731/clawsync" bash -s -- v0.1.8

Default install path: ~/.local/bin/clawsync (override with CLAWSYNC_INSTALL_DIR). Ensure this path is in your PATH.

Local development install

npm install
npm run build
npm link
clawsync --help

Feature Highlights

  • More complete Git-native workflow: first-class clawsync git init, push, pull, and merge commands for branch-based backup and restore.
  • Fine-grained backup scope control: supports --include, --exclude, --ignore-paths, and --workspace-include-globs to precisely control what is archived.
  • Built-in sensitive data sanitization pipeline: supports placeholder replacement for secrets and env recovery script guidance after restore.
  • Richer restore strategies: supports overwrite, skip, and local-first merge with safety defaults (--dry-run, pre-restore snapshot, gateway token preservation).

When To Use

Use this skill when user asks to:

  • back up OpenClaw state to Git or local archive
  • migrate OpenClaw data to another machine
  • restore from archive or Git branch
  • run periodic backups
  • prune old remote backup branches (e.g. keep last 30 days)
  • expose backup archives via local HTTP service

Core Commands

1) Local full migration archive (recommended for machine migration)

clawsync profile full-migrate --dry-run
clawsync profile full-migrate

Default output: ~/.openclaw/migrations Default behavior: workspace/ is collected in full for migration.

2) Git-based sync

clawsync git init --repo-url \x3Cgit-url> --repo-dir ~/.clawsync-repo
clawsync push --repo-dir ~/.clawsync-repo
clawsync pull --repo-dir ~/.clawsync-repo --branch \x3Cbranch> --dry-run
clawsync pull --repo-dir ~/.clawsync-repo --branch \x3Cbranch> --yes
clawsync git prune-branches --repo-dir ~/.clawsync-repo --keep-days 30 --dry-run

3) Restore from local archive

clawsync unpack --from /path/to/archive.tar.gz --dry-run
clawsync unpack --from /path/to/archive.tar.gz --yes

4) Token-protected archive server

clawsync serve --token "\x3Csecret>" --port 7373

Endpoints:

  • GET /health (no token)
  • GET / (simple web UI, token required)
  • GET /archives (token required)
  • GET /download/\x3Cfilename> (token required)
  • POST /upload (token required)
  • POST /backup (localhost-only)
  • POST /restore/\x3Cfilename>?dry_run=1|confirm=1 (localhost-only)

Restore Safety Model

For unpack / pull / merge, the CLI defaults to:

  • high-risk restore confirmation (unless --yes)
  • pre-restore snapshot in /tmp (unless --no-pre-snapshot)
  • preserve local gateway.auth.token (unless --overwrite-gateway-token)
  • check missing env vars and print source env-export.sh when needed

Agent Execution Checklist

When executing restore/migration for users:

  1. Always run --dry-run first.
  2. Show user high-risk paths summary before apply.
  3. Apply with --yes only after explicit confirmation.
  4. If env vars are missing after restore, ask user to run printed source command.
  5. If env vars are already loaded, report gateway status and reconnect reminders.

Security Notes

  • Archives may contain sensitive data (openclaw.json, credentials, sessions).
  • Keep remotes private.
  • Treat serve --token as sensitive; do not share token publicly.
  • Do not expose serve endpoint directly to public internet without TLS/reverse proxy.
安全使用建议
This skill appears to do what it says (Git-based backup, restore, and local archive serving). Before installing: inspect the install script instead of blindly running curl | bash; prefer installing from a pinned release you review. If you run the serve endpoint, host it behind TLS/reverse proxy and keep the token secret. Review any crontab entries the tool creates. Because this package is instruction-only (no code shipped here), you can't audit the actual runtime code from the registry entry — treat the remote installer and runtime binary as unverified code and consider testing in an isolated environment or reviewing the GitHub repository and release artifacts before trusting production data.
功能分析
Type: OpenClaw Skill Name: clawgitsync Version: 1.0.0 The skill provides backup and migration utilities for OpenClaw state, including a Git-native workflow and a token-protected HTTP server for archives. It is classified as suspicious due to high-risk patterns: it promotes a 'curl | bash' installation method from a third-party GitHub repository (linsheng9731/clawsync), requests 'high' trust permissions, and implements a network listener ('clawsync serve') that exposes sensitive data like credentials and session tokens from ~/.openclaw. While these features are plausibly related to its stated purpose, the combination of broad file access, network exposure of secrets, and unverified remote installation scripts significantly increases the attack surface.
能力评估
Purpose & Capability
Name/description (Git-based backup, restore, token-protected serving) align with required binaries (git, tar, node, crontab) and the documented commands (git init/push/pull, archive/unpack, serve). Declared read/write permissions for ~/.openclaw and ~/.clawsync-repo match the stated purpose.
Instruction Scope
SKILL.md stays on-topic: it tells the agent how to create archives, push/pull with git, unpack/restore, run dry-runs, and serve archives behind a token. It explicitly warns about sensitive data and recommends confirmation steps. It does include network-serving commands (serve --token) and endpoints; serving archives is expected for the stated purpose but increases attack surface and requires careful token handling.
Install Mechanism
Although the skill is instruction-only, the README presents a one-click installer that pipes a script from raw.githubusercontent.com to bash (curl | bash). That pattern executes remote code on install and cannot be audited by the platform. The host is a common release location, but piping unreviewed remote scripts is high risk and worth flagging.
Credentials
The skill does not request unrelated environment variables or secrets. It documents use of a serve token but does not demand any platform credentials. Required binaries and filesystem access (home OpenClaw paths) are proportional to its functionality.
Persistence & Privilege
always:false (normal). The skill's metadata indicates it may listen on the network and read/write OpenClaw directories — appropriate for a local archive server and scheduled backups (crontab). Because network listening increases exposure, users should ensure tokens and firewall/TLS/reverse-proxy controls are used as recommended.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install clawgitsync
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /clawgitsync 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of clawsync skill: Git-first backup, migration, restore, and secure archive serving for OpenClaw state. - Provides branch-based Git-native backup and restore workflow (`init`, `push`, `pull`, `merge`, `prune-branches`) - Supports fine-grained backup scope with customizable include/exclude paths and secret sanitization - Enables richer restore strategies (`overwrite`, `skip`, `merge`) with built-in safety checks and snapshotting - Offers one-click install, periodic backup, remote branch pruning, and local token-protected archive server - Security-focused: token-auth, sensitive data handling, restore confirmations, and guidance for safe operation
元数据
Slug clawgitsync
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

clawsync 是什么?

Git-first backup, migration, restore, and token-protected archive serving for OpenClaw state. Highlights: complete Git-native workflow (`git init/push/pull/m... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 231 次。

如何安装 clawsync?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawgitsync」即可一键安装,无需额外配置。

clawsync 是免费的吗?

是的,clawsync 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

clawsync 支持哪些平台?

clawsync 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 clawsync?

由 linsheng9731(@linsheng9731)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论