← 返回 Skills 市场

Github Private Repo SSH Routing

Name: Github Private Repo SSH Routing
Author: darinrowe

作者 DarinRowe · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ✓ 安全检测通过

312

总下载

当前安装

版本数

在 OpenClaw 中安装

/install github-private-repo-ssh-routing

功能描述

Diagnose and manage SSH keys, host aliases, and Git remotes for GitHub private repositories in multi-repo environments. Use when deploy keys collide, a machi...

使用说明 (SKILL.md)

GitHub Deploy Key Routing

Treat GitHub private repo access as a routing problem, not just a Git problem.

Core rules

Use one deploy key per private repository unless a machine user is intentionally chosen.
Use one SSH host alias per key.
Point each repo remote at the correct alias explicitly.
Do not rely on a catch-all Host github.com when multiple deploy keys exist.
Verify SSH first, then Git, then push.
If automation is involved, fix both the live repo remote and the config/script source that writes it.

Canonical pattern

Host github.com-backup
    HostName github.com
    User git
    IdentityFile ~/.ssh/openclaw_backup_ed25519
    IdentitiesOnly yes

git remote set-url origin [email protected]:OWNER/REPO.git

Use this skill when the machine has more than one private GitHub repo, more than one SSH key, or any recurring GitHub automation.

Quick triage

If you need the fastest route:

Read references/symptoms.md and match the exact error.
Read references/patterns.md and compare the current alias + remote layout.
Read references/decision-guide.md only if the identity model itself is still undecided.
Read references/openclaw-automation.md only when a script, backup flow, or config value may be rewriting the remote.

Workflow

1. Identify the repo + remote actually in use

Check the local repo path, current remotes, and whether the failing action came from:

an interactive repo command
a backup/sync script
a config file that stores the repo URL
a cron/automation job

If the repo path and the config source differ, do not treat them as the same fix.

2. Identify the key-routing layer

Read references/patterns.md for the standard alias layout. Read references/key-storage-by-system.md when OS-specific key locations or mixed Windows/WSL/macOS behavior may matter.

Ask:

Which SSH alias is the repo using now?
Which key does that alias select?
Is that key actually authorized for this repo?
Is a broad Host github.com rule hijacking traffic?

3. Diagnose by symptom

Read references/symptoms.md and match the exact failure string before changing anything.

4. Choose the right identity model

Read references/decision-guide.md when the user is deciding between:

deploy key
personal SSH key
machine user

Read references/identity-model-boundaries.md when the question is really about where SSH routing ends and GitHub API authority begins — especially for PR merge automation, release creation, or fine-grained PAT vs deploy key decisions.

5. Check automation-specific drift

Read references/openclaw-automation.md when the repo is used by OpenClaw backup/restore, plugins, cron jobs, or config-driven workflows.

6. Fix in the safe order

Fix or add the SSH alias.
Verify with ssh -G \x3Calias>.
Test with ssh -T git@\x3Calias>.
Update the repo remote URL.
Update any config/script source that still writes the old remote.
Verify with git ls-remote origin.
Only then push or pull.

Minimal command set

ls -la ~/.ssh
sed -n '1,200p' ~/.ssh/config
git remote -v
ssh -G \x3Chost-alias> | sed -n '1,40p'
ssh -T git@\x3Chost-alias>
git ls-remote origin

Bundled script

For a read-only audit of one local repo, run:

scripts/audit-routing.sh /path/to/repo

The script summarizes:

repo remotes
inferred SSH alias from origin
~/.ssh files and permissions
~/.ssh/config preview
ssh -G summary for the detected alias

Use the script to inspect before editing.

What to report

Root cause in one sentence
Whether the failure is local config, GitHub permission, or both
The minimal fix
Exactly what changed

安全使用建议

This skill appears to do what it says: local, read-only diagnosis of SSH aliases, keys, and Git remotes. Before running anything: (1) review the audit output yourself — it will list ~./ssh filenames and permissions which are sensitive (don’t paste them in public), (2) run the bundled script only on machines you control, (3) expect the script to require git and ssh on PATH (the metadata omission is just documentation), and (4) follow the SKILL.md advice to inspect before editing remotes or config files (fixing remotes without checking automation sources can lead to config drift). If you need higher assurance, open the script and reference files locally to confirm there are no network calls or hidden write actions (they are not present).

功能分析

Type: OpenClaw Skill Name: github-private-repo-ssh-routing Version: 1.0.1 The skill bundle is a legitimate tool designed to help an AI agent diagnose and manage SSH key routing for GitHub repositories. It includes a diagnostic script (scripts/audit-routing.sh) and comprehensive documentation (SKILL.md, references/*.md) that focus on standard troubleshooting steps like inspecting git remotes and SSH configurations. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.

能力评估

✓ Purpose & Capability

The name/description, README guidance, reference docs, and bundled audit script all focus on SSH alias, key, and Git remote diagnosis for GitHub private repos. The actions (ls ~/.ssh, sed ~/.ssh/config, git remote, ssh -G, ssh -T, git ls-remote) are appropriate for that purpose. Minor metadata omission: the skill metadata lists no required binaries even though the script expects git and ssh; this is an implementation documentation gap, not a functional mismatch.

✓ Instruction Scope

SKILL.md and the script limit themselves to local, read-only inspection and diagnostic commands. They reference only local SSH files, permissions, and git metadata and do not instruct sending data to external endpoints. The script prints filenames and permission info (which is sensitive but relevant to diagnosis); overall the scope stays within the stated troubleshooting domain.

✓ Install Mechanism

There is no install spec (instruction-only with a helper script included), so nothing is downloaded or installed. This minimizes install-time risk.

✓ Credentials

The skill does not request environment variables, credentials, or config paths beyond reading standard SSH and repo files under the user's home directory. Example text references OpenClaw config for context but the skill does not demand access to unrelated secrets or services.

✓ Persistence & Privilege

The skill is not always-enabled and is user-invocable. It does not request persistent installation nor modify other skills or global agent settings. The workflow recommends manual edits by the user; the provided script performs only read-only auditing.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install github-private-repo-ssh-routing
安装完成后，直接呼叫该 Skill 的名称或使用 /github-private-repo-ssh-routing 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

Add guidance for deploy key vs fine-grained PAT boundaries, PR/release automation decisions, and OpenClaw-specific identity model selection.

v1.0.0

Initial release: Diagnose and manage SSH keys, host aliases, and Git remotes for GitHub private repositories, focused on multi-repo environments. - Documents a canonical SSH host alias and remote pattern for routing deploy keys. - Includes step-by-step troubleshooting and workflow guidance for permission errors and automation scripts. - Provides quick triage instructions and symptom-based diagnosis. - Bundles a script for local SSH/Git/remote/key configuration audit. - Outlines reporting standards and minimal command set for investigation.

元数据

Slug github-private-repo-ssh-routing

版本 1.0.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题