← 返回 Skills 市场
bradvin

Openclaw Github Sync

作者 Brad Vincent · GitHub ↗ · v0.1.4
cross-platform ⚠ suspicious
548
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install openclaw-github-sync
功能描述
Keep an OpenClaw agent's non-sensitive context (selected memory, MD files, notes, and custom skills) under version control in a separate Git repository for r...
安全使用建议
This skill appears to do exactly what it says: export an allowlisted subset of your OpenClaw workspace and push it to a separate git repo, and optionally pull reviewed changes back. Before installing or using it: 1) Use a private repo you control and set SYNC_REMOTE to its SSH URL. 2) Never automate pulls; only push can be scheduled. 3) Inspect and customize references/export-manifest.txt to ensure nothing sensitive is included. 4) Run the sync first in a dry-run or test workspace, and back up your workspace before performing a first pull (pull can overwrite skills and markdown and thus change agent behavior). 5) Ensure secret scanning is enabled (the included scan_secrets.py runs before commits) and avoid adding ignore rules unless you understand the risk. 6) If you use gh or jq, make sure the corresponding CLI credentials are managed under least-privilege. If you want additional assurance, provide the openclaw.json path and run a dry-run pull (PULL_DRY_RUN=1) to preview changes before applying them.
功能分析
Type: OpenClaw Skill Name: openclaw-github-sync Version: 0.1.4 The skill is designed with strong security controls, including a secret scanner (`scripts/scan_secrets.py`) that blocks commits/pushes if sensitive data is detected, and explicit warnings in `SKILL.md` and `README.md` about the risks of the `pull` operation. However, the `scripts/pull.sh` script allows overwriting agent workspace files (skills, markdown, persona content) from a remote Git repository. While the documentation clearly states this is a 'trust boundary' and 'manual-only' operation, this capability represents a significant prompt injection or remote code execution vulnerability if the designated sync repository is compromised. Additionally, `references/export-manifest.txt` includes the entire `memory/` directory for export, relying solely on the secret scanner to prevent sensitive data exfiltration, which is a point of concern if the scanner has limitations.
能力评估
Purpose & Capability
Name/description promise (export curated workspace files to a separate git repo) matches the included scripts and declared requirements. Required binaries (git, rsync, python3) and required env var (SYNC_REMOTE) are appropriate for pushing/pulling to a git remote. Optional tools (gh, jq) are used only for repo creation or better grouping and are documented as optional.
Instruction Scope
SKILL.md and the scripts focus on exporting allowlisted files, scanning for secrets, committing, pushing, and (manual) pulling. The README and SKILL.md explicitly document the trust boundary, require manual pulls, and warn about pull-induced behavior changes. The only I/O beyond the sync repo/workspace is optional reading of OpenClaw config (openclaw.json) to target per-agent workspace pulls; this is explained in the docs and is coherent with the pull functionality.
Install Mechanism
This is an instruction-only skill with included scripts (no external install spec or remote downloads). No external, untrusted URLs are fetched or executed during normal operation—scripts run locally and use standard system tools. That is a lower-risk install model.
Credentials
The only declared required env var is SYNC_REMOTE (the git remote to push/pull), which is proportionate. Other environment variables used are optional configuration (WORKSPACE_DIR, SYNC_REPO_DIR, PULL_* flags, etc.). The skill does not demand unrelated credentials or broad secrets; Git/SSH authentication is performed against the user-provided remote and is appropriate for the task.
Persistence & Privilege
The skill is not force-included (always:false). It can be run autonomously by the agent (default model invocation allowed), and a nightly push wrapper is provided; this is expected for automation. Important: pull operations can overwrite workspace files (including skills and persona markdown), so manual control is emphasized in the docs — that explicit warning is appropriate but the user should ensure pull is never run automatically without human review.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openclaw-github-sync
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openclaw-github-sync 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.4
Update to the sync.sh script to ensure the readme.md is built for a sync
v0.1.3
- Added clear trust boundary documentation: emphasized that pulling from sync repo is manual-only, must be human-reviewed, and poses security risks if misused. - Updated setup and workflow guidance to strongly discourage automated or scheduled pulls; pushes remain automatable. - Clarified that a private, least-privilege Git repo should be used, and warned users about potential dangers of inbound pull content. - Expanded prerequisites section: listed required tools, config, and access, and mentioned optional tools for enhanced functionality. - Minor improvements to onboarding, security warnings, and resource descriptions.
v0.1.2
openclaw-github-sync v0.1.2 - Added a homepage URL and metadata (including required binaries and environment variables) in SKILL.md. - No changes to files or functionality.
v0.1.1
Initial release with setup scripts, export manifest, and sync automation. - Added bootstrap and environment setup scripts. - Included scripts for syncing workspace context and creating private GitHub repos. - Provided allowlist export manifest and commit grouping configuration. - Added README and template/reference documentation. - Included initial secret scanning and ignore list resources.
v0.1.0
Initial release of openclaw-github-sync. - Enables syncing of OpenClaw agent's non-sensitive context (memories, MD files, notes, and skills) to a separate Git repository. - Uses an explicit allowlist to export only approved files, ensuring secrets are never synced by default. - Supports one-shot and scheduled (e.g., nightly) syncs with commit grouping and remote push. - Includes setup instructions, example scripts, and template configuration files.
元数据
Slug openclaw-github-sync
版本 0.1.4
许可证
累计安装 0
当前安装数 0
历史版本数 5
常见问题

Openclaw Github Sync 是什么?

Keep an OpenClaw agent's non-sensitive context (selected memory, MD files, notes, and custom skills) under version control in a separate Git repository for r... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 548 次。

如何安装 Openclaw Github Sync?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-github-sync」即可一键安装,无需额外配置。

Openclaw Github Sync 是免费的吗?

是的,Openclaw Github Sync 完全免费(开源免费),可自由下载、安装和使用。

Openclaw Github Sync 支持哪些平台?

Openclaw Github Sync 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Openclaw Github Sync?

由 Brad Vincent(@bradvin)开发并维护,当前版本 v0.1.4。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论