← 返回 Skills 市场
Git Sync
作者
LookUpMark
· GitHub ↗
· v1.3.0
· MIT-0
140
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install lookupmark-git-sync
功能描述
Manage whitelisted git repositories from chat. Status, log, diff, pull, push with security controls — only approved repos, write commands need confirmation....
使用说明 (SKILL.md)
Git Sync
Secure git repository management for whitelisted repos.
Usage
# Status of all repos
python3 scripts/git_ctrl.py all
# Status of specific repo
python3 scripts/git_ctrl.py status thesis
python3 scripts/git_ctrl.py status polito
# Recent commits
python3 scripts/git_ctrl.py log thesis -n 20
# Unstaged changes
python3 scripts/git_ctrl.py diff thesis
# Branches
python3 scripts/git_ctrl.py branch thesis
# Fetch (read-only, safe)
python3 scripts/git_ctrl.py fetch thesis
# Pull (requires confirmation)
python3 scripts/git_ctrl.py pull thesis --confirm
# Push (requires confirmation)
python3 scripts/git_ctrl.py push thesis --confirm
Allowed Repos
| Name | Path |
|---|---|
thesis |
~/Documenti/github/thesis |
polito |
~/Documenti/github/polito |
Security
- Whitelist: Only
thesisandpolitorepos are accessible - Read-only by default:
status,log,diff,branch,fetchrun freely - Write requires
--confirm:pull,push,merge,checkoutneed explicit confirmation - Blocked commands:
clean,reset --hard,push --forceare never allowed - No secrets: Output does not expose git credentials or tokens
安全使用建议
This skill appears coherent and minimal, but review these before installing:
- Confirm the whitelist (DEFAULT_REPOS and ~/.config/git-sync/repos.json) are correct; the script will operate on any path equal to or contained under a whitelisted repo path.
- Be aware outputs include raw git stdout/stderr; avoid configuring remotes that embed tokens in URLs and don't assume error messages can't leak sensitive info.
- Test locally from the command line first (the repository paths in the script are user-local and may not exist) and verify the --confirm behavior for pull/push works as you expect.
- Note small doc/implementation mismatches (some advertised commands aren't implemented); if you rely on those, request clarification from the author.
- If you need higher assurance, inspect the repo config file (~/.config/git-sync/repos.json) and the script in your environment to ensure paths and behavior match your security posture.
功能分析
Type: OpenClaw Skill
Name: lookupmark-git-sync
Version: 1.3.0
The skill bundle provides a secure wrapper for git operations on a whitelisted set of repositories. The Python script `scripts/git_ctrl.py` implements strict path validation, enforces a confirmation flag for write operations (pull/push), and uses safe subprocess execution to prevent shell injection. No indicators of data exfiltration, persistence, or malicious prompt injection were found.
能力评估
Purpose & Capability
Name/description describe whitelisted repo management and the package contains a local Python script that runs git commands against a small set of configured repo paths. There are no unexpected environment variables, binaries, or installs required.
Instruction Scope
SKILL.md and the script confine operations to whitelisted repo paths (or subpaths) and require --confirm for write actions. Caveats: SKILL.md claims the output 'does not expose git credentials or tokens' — the script prints git stdout/stderr unchanged, so if a remote URL or git error contains credentials they could appear in output. Also SKILL.md advertises commands like 'show' and 'remote' but the main() implementation does not handle those explicitly; they will not run as expected.
Install Mechanism
Instruction-only skill with no install spec. The included script is executed directly; no external code is downloaded or installed.
Credentials
No environment variables or secrets are requested by the skill. It uses the system git configuration (SSH keys or HTTPS credentials) implicitly when performing push/pull, which is expected for a git wrapper.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide agent settings. It reads a per-user config path (~/.config/git-sync/repos.json) and local repo directories only.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install lookupmark-git-sync - 安装完成后,直接呼叫该 Skill 的名称或使用
/lookupmark-git-sync触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.0
Removed ghost commands from WRITE_COMMANDS
v1.2.0
Declared git CLI dependency. Documented config file in SKILL.md.
v1.1.0
Config-based repos. Auto stash before pull. Stash count in status. Combined git commands.
v1.0.0
Initial release. Status, log, diff, branch, pull, push. Repo whitelist. Write commands require --confirm.
元数据
常见问题
Git Sync 是什么?
Manage whitelisted git repositories from chat. Status, log, diff, pull, push with security controls — only approved repos, write commands need confirmation.... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 140 次。
如何安装 Git Sync?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install lookupmark-git-sync」即可一键安装,无需额外配置。
Git Sync 是免费的吗?
是的,Git Sync 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Git Sync 支持哪些平台?
Git Sync 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Git Sync?
由 LookUpMark(@lookupmark)开发并维护,当前版本 v1.3.0。
推荐 Skills