← 返回 Skills 市场
russellfei

Elegant Sync

作者 russellfei · GitHub ↗ · v1.0.4
cross-platform ⚠ suspicious
539
总下载
0
收藏
1
当前安装
5
版本数
在 OpenClaw 中安装
/install elegant-sync
功能描述
优雅安全的 OpenClaw 配置同步工具 - 支持选择性备份、.gitignore 规则、版本控制
使用说明 (SKILL.md)

Elegant Sync

优雅安全的 OpenClaw 配置同步工具

功能

  • 🏷️ 版本化备份 - 每次同步创建 git tag,可回滚任意版本
  • 🔒 安全优先 - 不上传配置文件、密钥、敏感信息
  • 📂 .gitignore 支持 - 使用项目 .gitignore 规则选择
  • 🎯 选择性同步 - 可选择备份哪些目录
  • 💾 灾难恢复 - 自动本地备份,支持一键恢复
  • 🌿 多实例独立分支 - 每个设备一个分支,互不干扰

备份结构

mini-claw/
├── main/         # 介绍文档
├── omen16/       # 设备1
├── omen16-2/     # 设备2
└── macbook/      # 设备3

备份内容

目录/文件 说明
workspace/memory/ ⭐ 最重要!个人记忆,无价
workspace/AGENTS.md 代理规范
workspace/IDENTITY.md 身份信息
workspace/USER.md 用户信息
workspace/SOUL.md 灵魂配置
workspace/TOOLS.md 工具配置
workspace/HEARTBEAT.md 心跳配置
workspace/skills/ 自定义技能

不备份(安全)

目录/文件 原因
.env 含 API 密钥
openclaw.json 含配置密钥
credentials/ 凭证信息
.git/ Git 仓库
logs/ 日志文件
media/ 媒体文件

配置

1. 配置环境变量

# 在 ~/.openclaw/.backup.env 中配置
BACKUP_REPO=https://github.com/你的用户名/你的仓库名
BACKUP_TOKEN=ghp_xxx
INSTANCE_ID=你的主机名

2. 首次配置提示

运行 /sync 时会自动检测是否已配置,如果没有配置会提示。

多实例管理

当前实例

此机器实例名:opi5b(主机名)

其他实例配置

实例 INSTANCE_ID 配置示例
Orange Pi opi5b 默认
Mac macbook INSTANCE_ID=macbook
VPS vps-1 INSTANCE_ID=vps-1

恢复流程

场景:新机器或重装系统

1. 安装 OpenClaw

# 在新机器上安装 OpenClaw

2. 克隆备份

git clone https://github.com/你的用户名/你的仓库名

3. 查看分支

cd mini-claw
git branch -a

4. 切换并恢复指定实例

# 例如恢复 omen16
git checkout omen16
cp -r omen16/* ~/.openclaw/workspace/

5. 更新 Instance ID

在新机器的 ~/.openclaw/.backup.env 中更新:

INSTANCE_ID=new-machine-name

6. 验证

node elegant-sync/index.js status

重要原则

Memory 是最宝贵的资产

  • 每个实例的 memory 都是无价的
  • 备份到私有仓库 (mini-claw)
  • 确保无损保留

更新日志

  • 2026-02-28 v1.0.1: 修复多实例备份,每个设备独立分支
  • 2026-02-28 v1.0.0: 初始版本
安全使用建议
This skill appears to implement backup-to-git as advertised, but there are several practical risks you should consider before installing: 1) It expects a BACKUP_REPO and BACKUP_TOKEN saved in ~/.openclaw/.backup.env, but the registry metadata does not declare these — verify you are comfortable providing a git token. 2) The code embeds the token into the HTTPS push URL (https://TOKEN@...), which can leak via process lists, git remotes, or logs; prefer using a git credential helper or a deploy token with minimal scopes. 3) The README and SKILL.md claim sensitive files (.env, openclaw.json, credentials/) won't be uploaded, but the code's default ignore list does not include .env, openclaw.json, or credentials/ — unless your workspace .gitignore lists them they may be backed up. Inspect and/or add robust ignore rules before running. 4) The tool does a forced push (--force) to instance branches which can overwrite remote branches; ensure you push to a private backup repo and understand the effects. 5) If you proceed, create a dedicated private repo and a narrowly scoped token (remove repo access after testing), review the index.js source, add explicit ignore entries for all secrets, and run sync with --dry-run first. If you want, I can suggest exact code fixes (add .env/openclaw.json/credentials to ignorePatterns, avoid embedding token in URL, use git credential helper, remove --force) or generate a safer wrapper that uses a credential helper and stricter excludes.
功能分析
Type: OpenClaw Skill Name: elegant-sync Version: 1.0.4 The skill bundle is suspicious due to critical vulnerabilities. The `index.js` script is vulnerable to shell injection via unsanitized `BACKUP_TOKEN` and `INSTANCE_ID` values when constructing `git push` commands using `execSync`, potentially leading to remote code execution. Additionally, the script fails to explicitly ignore `.env` and `openclaw.json` files during backup, contradicting security claims in `SKILL.md` and `README.md`, which could lead to unintended exposure of sensitive configuration and API keys if these files exist in the workspace.
能力评估
Purpose & Capability
Name/description match the implementation: the code copies ~/.openclaw/workspace and pushes a per-instance branch/tags to a remote git repo. However the registry metadata declares no required env or credentials while both SKILL.md and index.js expect a BACKUP_REPO and BACKUP_TOKEN stored in ~/.openclaw/.backup.env — this is an inconsistency that should have been declared.
Instruction Scope
SKILL.md and index.js read files under ~/.openclaw (workspace and a .backup.env config file). The tool constructs a repo URL that embeds the BACKUP_TOKEN and runs git init/commit/push (including --force). Although the docs say it won't upload .env/openclaw.json/credentials/, the code's default ignorePatterns do not include .env, openclaw.json or credentials/ — so unless the user's .gitignore contains those, sensitive files may be copied and pushed. The tool also force-pushes branches, which can overwrite remote history.
Install Mechanism
No install script or external downloads; this is an instruction-only skill with an included index.js. No arbitrary remote code is fetched during install.
Credentials
Requesting BACKUP_REPO and BACKUP_TOKEN is proportionate to backing up to a git host. But those credentials were not declared in the registry metadata. The implementation embeds BACKUP_TOKEN in the HTTPS URL used for git push which can leak the token via process listings, shell history, or remote URL storage. The code attempts to mask the token only in error messages, not in other exposures.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and runs only when invoked. It writes temporary staging under ~/.openclaw and a local backup directory, which is expected for a backup tool.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install elegant-sync
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /elegant-sync 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.4
- Internal changes in index.js; no user-facing updates. - No SKILL.md documentation updates in this version.
v1.0.3
- 更新默认备份仓库地址为用户自有仓库(不再指向 russellfei/mini-claw) - 支持在环境变量中自定义仓库信息,更灵活地适配不同用户 - 文档恢复流程中相应调整克隆命令和相关指引 - 其他说明文本微调,提升可读性
v1.0.2
- 新增 _meta.json 文件,增加元数据支持 - 更新 index.js,优化或修正功能细节 - 文档保持不变,无功能变更说明
v1.0.1
修复多实例备份,每个设备独立分支
v1.0.0
优雅安全的 OpenClaw 多实例备份工具
元数据
Slug elegant-sync
版本 1.0.4
许可证
累计安装 1
当前安装数 1
历史版本数 5
常见问题

Elegant Sync 是什么?

优雅安全的 OpenClaw 配置同步工具 - 支持选择性备份、.gitignore 规则、版本控制. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 539 次。

如何安装 Elegant Sync?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install elegant-sync」即可一键安装,无需额外配置。

Elegant Sync 是免费的吗?

是的,Elegant Sync 完全免费(开源免费),可自由下载、安装和使用。

Elegant Sync 支持哪些平台?

Elegant Sync 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Elegant Sync?

由 russellfei(@russellfei)开发并维护,当前版本 v1.0.4。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论