功能描述

Backup the agent workspace to a GitHub repository. Use when: asked to save/remember something important, after significant changes to memory files, on a sche...

使用说明 (SKILL.md)

Git Backup Skill

Name: Git Backup
Author: netanel-abergel

Load Local Context

CONTEXT_FILE="/opt/ocana/openclaw/workspace/skills/git-backup/.context"
[ -f "$CONTEXT_FILE" ] && source "$CONTEXT_FILE"
# Then use: $GITHUB_ACCOUNT, $REPO_NAME, $WORKSPACE, $GITHUB_TOKEN_FILE, etc.

Minimum Model

Any model. This is pure shell — no reasoning needed.

Step 1 — Find the GitHub Token

Run this to find the token. It checks sources in priority order:

find_github_token() {
  # 1. Check git remote URL (most common)
  TOKEN=$(git -C "$HOME/.openclaw/workspace" remote get-url origin 2>/dev/null \
    | grep -oP 'ghp_[A-Za-z0-9]+' | head -1)
  [ -n "$TOKEN" ] && echo "$TOKEN" && return

  # 2. Check standard environment variables
  [ -n "${GITHUB_TOKEN:-}" ] && echo "$GITHUB_TOKEN" && return
  [ -n "${GH_TOKEN:-}" ] && echo "$GH_TOKEN" && return

  # 3. Check credential files
  for f in ~/.credentials/github*.txt ~/.credentials/gh*.txt; do
    [ -f "$f" ] && cat "$f" | head -1 | tr -d '[:space:]' && return
  done

  # 4. Check ~/.bashrc for embedded token
  TOKEN=$(grep -oP 'ghp_[A-Za-z0-9]+' ~/.bashrc 2>/dev/null | head -1)
  [ -n "$TOKEN" ] && echo "$TOKEN" && return

  # Not found — return empty
  echo ""
}

TOKEN=$(find_github_token)

If TOKEN is empty → stop and ask the owner:

I need a GitHub Personal Access Token to back up your workspace.
Go to: github.com → Settings → Developer Settings → Personal access tokens → Generate new token
Required permission: repo (full)
Send me the token (starts with ghp_)

After receiving the token, save it:

# Save token to credentials file
echo "$TOKEN" > ~/.credentials/github-token.txt
chmod 600 ~/.credentials/github-token.txt

# Update the git remote URL to include the token
git -C "$HOME/.openclaw/workspace" remote set-url origin \
  "https://${TOKEN}@github.com/GITHUB_USERNAME/REPO_NAME.git"

Step 2 — First-Time Setup (Run Once)

Check if the repo already exists

TOKEN=$(find_github_token)
REPO_NAME="pa-workspace-backup"    # change to your repo name
GITHUB_USER="github-username"       # change to your GitHub username

# HTTP 200 = repo exists, 404 = need to create it
STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
  -H "Authorization: token $TOKEN" \
  "https://api.github.com/repos/$GITHUB_USER/$REPO_NAME")

echo "Repo check: HTTP $STATUS"

Create the repo (if HTTP 404)

curl -s -X POST "https://api.github.com/user/repos" \
  -H "Authorization: token $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"name\": \"$REPO_NAME\", \"private\": true, \"description\": \"PA workspace backup\"}" \
  | python3 -c "
import sys, json
d = json.load(sys.stdin)
if 'html_url' in d:
    print('Created:', d['html_url'])
else:
    print('ERROR:', d)
    sys.exit(1)
"

Initialize git (if no .git folder)

cd ~/.openclaw/workspace

# Initialize the repo
git init
git config user.email "[email protected]"
git config user.name "PA Agent"
git remote add origin "https://[email protected]/$GITHUB_USER/$REPO_NAME.git"

# Create .gitignore to exclude secrets and temp files
cat > .gitignore \x3C\x3C 'EOF'
*.log
.env
credentials/
*.key
*.pem
node_modules/
__pycache__/
.DS_Store
EOF

# Initial commit and push
git add -A
git commit -m "Initial workspace backup"
git push -u origin main

Step 3 — Regular Backup

Run this whenever you need to back up:

backup_workspace() {
  WORKSPACE="${1:-$HOME/.openclaw/workspace}"
  cd "$WORKSPACE" || { echo "ERROR: cannot cd to $WORKSPACE"; return 1; }

  # Check for token
  TOKEN=$(find_github_token)
  if [ -z "$TOKEN" ]; then
    echo "BLOCKED: No GitHub token found. Ask owner for PAT."
    return 1
  fi

  # Check git is initialized
  if [ ! -d ".git" ]; then
    echo "BLOCKED: Git not initialized. Run first-time setup first."
    return 1
  fi

  # Stage all changes
  git add -A

  # Count how many files changed
  CHANGES=$(git diff --cached --name-only | wc -l)

  # Nothing to do?
  if [ "$CHANGES" -eq 0 ]; then
    echo "Nothing to backup — workspace unchanged."
    return 0
  fi

  # Commit with timestamp and push
  DATE=$(date -u "+%Y-%m-%d %H:%M UTC")
  git commit -m "Auto backup $DATE"
  git push origin main 2>&1

  echo "Backup complete — $CHANGES files updated."
}

backup_workspace

If push fails with "non-fast-forward":

# Pull remote changes first, then push
git pull --rebase origin main
git push origin main

If push fails with 401 (token expired):

# Ask owner for a new PAT, then update the remote URL
git remote set-url origin "https://[email protected]/GITHUB_USERNAME/REPO_NAME.git"

When to Back Up

Run a backup when:

Owner says "remember this" / "save this"
You update MEMORY.md, SOUL.md, or daily notes
After completing a significant task
On a schedule (see cron config below)

Cron Config

{
  "jobs": [
    {
      "id": "workspace-backup",
      "schedule": "0 */6 * * *",
      "timezone": "UTC",
      "task": "Run git backup of the workspace to GitHub. Use the git-backup skill. Commit all changes and push. Report DONE or BLOCKED.",
      "delivery": {
        "mode": "silent"
      }
    }
  ]
}

Runs every 6 hours silently. Change to "0 23 * * *" for nightly only.

What to Include / Exclude

Always include:

MEMORY.md, SOUL.md, AGENTS.md, TOOLS.md, PA_LIST.md
memory/ — daily notes
skills/ — installed skills
.learnings/ — corrections and learnings
data/ — PA directory and other data
config/ — MCP and other configs

Always exclude (add to .gitignore):

API keys, tokens, secrets
credentials/ directory
Log files (*.log)
Node modules, Python cache

Production Notes

Workspace is at /opt/ocana/openclaw/workspace (not ~/.openclaw/workspace)
GitHub account: netanel-abergel, repo: heleni-memory
After every significant memory update — always push to git (do not batch indefinitely)
After skill updates (like this review) — push immediately

Cost Tips

Very cheap: Pure git/bash — no LLM tokens used during backup
Small model OK: Any model can trigger this skill
Batch: Commit all changes in one git add -A and one push — not file by file
Schedule wisely: Every 6 hours is enough. More frequent = noise in git history

安全使用建议

This skill is coherent with the goal of backing up a workspace, but it takes several risky shortcuts: it scans shell config and credential files looking for a PAT, stores the PAT in plain text (~/.credentials/github-token.txt) and embeds it into the git remote URL (which ends up in .git/config), and recommends automated silent backups that commit all changes. Before installing or enabling it, consider: 1) Use a least-privilege credential (prefer a repo-scoped token or, better, a per-repo deploy key) rather than a full 'repo' PAT. 2) Avoid embedding tokens in the remote URL; use a credential helper or OS keyring so tokens are not stored in repo files. 3) Review and tighten .gitignore and the inclusion list to ensure secrets and PII are excluded; consider a dry-run that reports what would be committed. 4) Require explicit owner approval before any push (don't run fully silent cron pushes), and limit scheduling or make it manual. 5) Remove or restrict the token discovery that reads ~/.bashrc and arbitrary credential files unless you explicitly trust the search locations. If you want, I can suggest a revised SKILL.md that uses more secure token storage and safer push behavior (e.g., using a deploy key, using git credential helpers, and performing a pre-commit secrets scan).

能力标签

requires-oauth-token

能力评估

ℹ Purpose & Capability

Backing up a workspace to GitHub legitimately needs a token and git operations; the instructions align with that purpose. However, the token-discovery steps (searching ~/.bashrc, arbitrary ~/.credentials/* files, and parsing remote URLs) and a hard-coded context path (/opt/ocana/...) are broader than strictly necessary and inconsistent with the rest of the paths used (e.g., ~/.openclaw/workspace).

⚠ Instruction Scope

The SKILL.md directs the agent to read user files not declared anywhere (e.g., ~/.bashrc, ~/.credentials/*), to store the PAT on disk (~/.credentials/github-token.txt), and to rewrite the git remote to embed the PAT in the HTTPS URL. It also instructs committing 'all changes' and pushing automatically on a schedule. These steps can cause secrets to be saved in repo metadata (or .git/config) and may result in sensitive data being pushed to a remote without adequate filtering or safeguards.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files — lowest installation risk. The skill operates by running shell commands already present on the system.

ℹ Credentials

No declared environment variables or credentials in metadata, but the instructions require and request a GitHub Personal Access Token with 'repo' scope (full repo permissions). That scope is proportional to pushing commits but is high privilege; the skill neither declares nor documents secure handling beyond chmod 600 and embedding the token in the remote URL (which stores it in plain text). The skill also checks GITHUB_TOKEN/GH_TOKEN and reads various local credential files — access is broader than declared.

⚠ Persistence & Privilege

Although not flagged as always: true, the skill writes persistent state (a token file and a token-embedded git remote) and suggests installing a cron job to run every 6 hours silently. That combination (stored PAT + silent automated pushes) increases the risk of prolonged exfiltration of sensitive workspace content if the repo or token are misconfigured or compromised.

版本历史

v1.0.2

- Added local context loading instructions for path, repo, and token configuration. - Updated workspace and repository references for production use (`/opt/ocana/openclaw/workspace`, `netanel-abergel/heleni-memory`). - Enhanced file inclusion list to cover `PA_LIST.md`. - clarified that after significant memory or skill updates, changes should be pushed to git immediately. - Provided details on production paths and deployment notes.

v1.0.1

reactions rule, close-the-loop, reply-to rules; skill-master analytics hook; skill-analytics added

v1.0.0

Initial release of git-backup — an automated workspace backup tool for GitHub. - Backs up the agent workspace to a GitHub repository using shell scripts. - Automatically discovers and manages GitHub tokens, prompting for a new PAT if necessary. - Handles repository creation, initialization, and secure configuration (including `.gitignore` for secrets). - Provides regular and scheduled backups, including guidance for cron setup. - Documents best practices for inclusion/exclusion of files and low-cost operation.

元数据

Slug git-backup

版本 1.0.2

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 3

常见问题

Git Backup 是什么？

Backup the agent workspace to a GitHub repository. Use when: asked to save/remember something important, after significant changes to memory files, on a sche... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 126 次。

如何安装 Git Backup？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install git-backup」即可一键安装，无需额外配置。

Git Backup 是免费的吗？

是的，Git Backup 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Git Backup 支持哪些平台？

Git Backup 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Git Backup？

由 Netanel Abergel（@netanel-abergel）开发并维护，当前版本 v1.0.2。

Git Backup