← 返回 Skills 市场
358
总下载
0
收藏
4
当前安装
1
版本数
在 OpenClaw 中安装
/install github-push
功能描述
Secure GitHub push automation with auto SSH and remote config. Use when git push, automated push, or conflict handling needed.
使用说明 (SKILL.md)
GitHub Push - Secure Auto-Push Tool
Automated GitHub push with:
- Auto SSH Config: Auto-detect and load SSH keys
- Auto Remote Config: Auto-add git remote origin
- Auto Conflict Resolution: Auto pull + rebase + force
- Anti-Ban Mechanism: Rate limiting + commit batching + smart validation
Installation
No external dependencies required. Uses standard Git CLI (always available).
Usage Examples
# Quick push (auto-configures everything)
python3 scripts/github_upload.py --repo owner/repo --path ./files --message "Update"
# Dry run test (no actual push)
python3 scripts/github_upload.py --repo owner/repo --path ./files --dry-run
# Force push (auto-resolves conflicts)
python3 scripts/github_upload.py --repo owner/repo --path ./files --force
# Show version info
python3 scripts/github_upload.py --version
Configuration
Create config.yaml for persistent settings:
defaults:
safe_mode: true
min_delay: 3 # seconds between operations
max_delay: 5 # seconds between operations
batch_commits: true
enable_validation: true
dry_run: false
safety:
max_commits_per_hour: 100
max_pushes_per_hour: 50
min_time_between_pushes: 180 # 3 minutes cooldown
Safety Thresholds
| Metric | Default | Description |
|---|---|---|
| Delay between ops | 3-5s | Randomized delay |
| Push cooldown | 180s | Min time between pushes |
| Max pushes/hour | 50 | Anti-spam limit |
| Max commits/hour | 100 | Anti-automation limit |
Troubleshooting
Error: "Too frequent pushes"
Solution: Wait at least 3 minutes before next push.
Error: "Repository not found"
Solution: Check repository exists and you have push access. Verify SSH key is added to GitHub.
Error: "Permission denied (publickey)"
Solution:
# Load SSH key
ssh-add ~/.ssh/id_ed25519
# Verify SSH connection
ssh -T [email protected]
Error: "Merge conflict"
Solution: The script handles this automatically with pull + rebase + force. Check repository state if issue persists.
Error: "Validation failed"
Solution:
- Check path exists and is accessible
- Verify files don't exceed 100MB (GitHub limit)
- Check for suspicious patterns (e.g., .env, id_rsa)
When Not to Use
- Just viewing GitHub content
- Creating issues or PRs
- Code review
References
references/- Detailed config and API docsscripts/- Full code examples
MIT License - OpenClaw Skill Standard
安全使用建议
This skill does perform the task it advertises but has surprising and risky behavior. Before installing or running it: 1) Inspect the full scripts (especially github_upload.py) to confirm you accept the logic that deletes .git and performs forced pushes. 2) Never run on a production or important repository without a backup—create a copy of the repo first. 3) Prefer running with --dry-run and test in an isolated container or VM. 4) If you need automatic repository creation on GitHub, require a documented GitHub API/token flow—otherwise the "auto-create repo" claim is misleading. 5) If you cannot audit the code, avoid giving it access to your real SSH keys or run it with a throwaway key/account. If you want, I can list the exact code locations (functions/lines) that delete .git, call ssh-add, and perform force-push so you can review them directly.
功能分析
Type: OpenClaw Skill
Name: github-push
Version: 0.1.0
The skill bundle provides automated GitHub push capabilities but includes high-risk, destructive behaviors in `scripts/github_upload.py`. Specifically, the `_init_repo` function unconditionally deletes any existing `.git` directory using `shutil.rmtree` to 're-initialize' the repository, which causes irreversible loss of local git history and metadata. Additionally, the script automatically scans the user's home directory for private SSH keys (`id_rsa`, `id_ed25519`) and attempts to load them into the SSH agent. While these features are documented as 'smart' automation and the script includes a robust list of sensitive file exclusions to prevent accidental secret exfiltration, the combination of destructive file operations and automated credential handling is overly aggressive and poses a risk to user data integrity.
能力评估
Purpose & Capability
The skill's stated goal—automating secure GitHub pushes—generally matches the included code (git commands, ssh-add, remote handling). However there are mismatches: the code claims to "auto-create repo" yet contains no GitHub API calls or credential requirements to create repositories remotely. Also the code re-initializes repositories (removes .git) which is not an expected or benign action for a "safe" push tool and can destroy history.
Instruction Scope
Runtime instructions and the script direct the agent to inspect and modify user SSH state (~/.ssh, ssh-add), manipulate git metadata (init, remove .git), stage/commit/force-push, and auto-resolve conflicts by rebasing and forcing. These go beyond merely calling 'git push' and include destructive operations (deleting .git) and powerful actions (git push -f) that can alter or erase repository history without an explicit, well-scoped user confirmation.
Install Mechanism
No external install mechanism is declared and the skill is delivered as source files (script present). That lowers supply-chain download risk. However this also means the code will run locally with whatever privileges the agent or user grants, so inspect the scripts before running.
Credentials
The skill requests no environment variables, which is consistent with it relying on SSH-based auth. It nevertheless auto-inspects and attempts to load keys from ~/.ssh and invokes 'ssh-add', which accesses private keys and the user's ssh-agent: reasonable for pushing via SSH but sensitive. The lack of any GitHub token or API credential is inconsistent with the claim to auto-create remote repositories.
Persistence & Privilege
always:false (good). However the skill performs filesystem operations with significant side effects (deleting the .git directory, re-initializing repos, force-pushing). Those are persistent, privileged modifications to a user's repository and could cause data loss. The skill does not appear to modify other skills or agent configs, but its file-system actions are high-impact.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install github-push - 安装完成后,直接呼叫该 Skill 的名称或使用
/github-push触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
GitHub Push v0.1.0
- Initial release of secure GitHub push automation tool.
- Features auto SSH key detection, remote config, and conflict handling (auto pull + rebase + force).
- Implements anti-ban protections: rate limiting, push cooldown, and batching.
- Supports easy configuration via config.yaml for safety thresholds and defaults.
- Includes troubleshooting tips for common errors.
元数据
常见问题
Github Push 是什么?
Secure GitHub push automation with auto SSH and remote config. Use when git push, automated push, or conflict handling needed. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 358 次。
如何安装 Github Push?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install github-push」即可一键安装,无需额外配置。
Github Push 是免费的吗?
是的,Github Push 完全免费(开源免费),可自由下载、安装和使用。
Github Push 支持哪些平台?
Github Push 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Github Push?
由 Nima Chu(@nimachu)开发并维护,当前版本 v0.1.0。
推荐 Skills