← 返回 Skills 市场
blueraincoatli

Persona Sync

作者 Hongyu Li · GitHub ↗ · v1.1.3 · MIT-0
cross-platform ⚠ suspicious
118
总下载
0
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install persona-sync
功能描述
在多个设备间通过 GitHub 私有仓库同步 AI 伙伴人格文件,确保记忆与个性不丢失。
安全使用建议
This skill largely does what it says — it syncs persona files to a GitHub private repo using a small Python script — but there are important surprises you should consider before installing: - Dependency mismatch: The registry metadata claims no required binaries, but the script requires git and python3. Ensure those are present and trusted. - Global git config change: The script runs `git config --global credential.helper store`, which permanently changes your global Git behavior (it makes Git store credentials in ~/.git-credentials). That affects all repositories on the machine. - Plaintext credential storage: Using 'store' writes credentials to ~/.git-credentials (plaintext). The SKILL.md/SPEC.md claim 0600 permissions and 'secure storage', but the script does not set or verify permissions on ~/.git-credentials. Consider whether you accept storing a PAT in plaintext on this machine. - Alternatives to consider: use a repo-specific approach (SSH deploy keys or a local-only credential helper), use a PAT with minimal scope, enable 2FA, or run the sync inside a restricted environment (container or dedicated user account) to limit exposure. - What to check if you want to proceed: review scripts/sync.py yourself, confirm you are comfortable with git --global changes, manually run init to see what gets written, and after first run verify permissions of ~/.git-credentials and whether git config --global was changed. Because of the global config/credential storage side effects and the metadata inconsistencies, treat this skill as suspicious until you verify those behaviors and accept the risks.
功能分析
Type: OpenClaw Skill Name: persona-sync Version: 1.1.3 The skill manages sensitive GitHub Personal Access Tokens (PATs) and modifies global system configuration by enabling the 'git credential helper store' in `scripts/sync.py`, which saves credentials in plain text on the filesystem. While the behavior is aligned with the stated purpose of syncing persona data, the use of global configuration changes and the handling of authentication tokens represent significant security risks. Additionally, `SKILL.md` contains a defensive 'Security Note' section specifically designed to preemptively dismiss automated security flags.
能力评估
Purpose & Capability
The skill claims to be an instruction-only persona sync helper, which fits the included sync.py, but the registry metadata lists no required binaries/envs while the code clearly depends on git and python3 (and optionally reads PERSONA_STORE_DIR). The missing declared dependencies is an incoherence a user should know about.
Instruction Scope
SKILL.md and SPEC.md describe local-only behavior and claim the token is never embedded in configs or logs. The script does read a local .gitauth, perform local git operations (init/fetch/pull/push), and write local files (memory.jsonl, state.json, sync.log). However the script also changes the user's global git credential helper (git config --global credential.helper store) and relies on git's credential store (~/.git-credentials), which is a cross-cutting system change outside the persona-store and is not obvious from the high-level guide.
Install Mechanism
No remote install or downloaded code is executed; this is an instruction/script bundle (no install spec). The code is local and uses subprocess calls to git — low installation risk, but runtime side-effects still matter.
Credentials
The skill requests no env vars in registry metadata, yet the script supports PERSONA_STORE_DIR and requires git to function and expects a GitHub PAT in a local .gitauth file. It will cause the PAT to be stored by git's credential helper in ~/.git-credentials (global), which the SKILL.md asserts will be mode 0600 but the script does not enforce or set file permissions for that file. Asking users to place a PAT in a local file and then changing global git behavior is disproportionate to what the metadata advertised.
Persistence & Privilege
The skill does not run automatically and always:false is correct, but it modifies global git configuration (credential.helper = store) which persists beyond the persona-store and affects all git operations on the host. This persistent side-effect is not clearly called out in the metadata and increases blast radius for credential exposure.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install persona-sync
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /persona-sync 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.3
Restructure bilingual format: full English section followed by full Chinese section for readability
v1.1.2
Bilingual (EN/CN) SPEC.md
v1.1.1
Add bilingual (English + Chinese) SKILL.md with full security explanation
v1.1.0
Restore Python and bash sync scripts with secure credential handling via git credential helper
v1.0.3
Add detailed security explanation for non-technical users
v1.0.2
- Enhanced documentation in SKILL.md with comprehensive setup, configuration, and security instructions. - Added detailed step-by-step workflow for syncing persona files across devices. - Included best practices for secure GitHub PAT management and file safety. - Clarified which files to sync and emphasized user control over synchronized data.
v1.0.1
Security fix: use git credential helper instead of embedding tokens in URLs; fix docs mismatch between SPEC.md and actual credential handling
v1.0.0
Persona Sync 1.0.0 – 初始发布 - 实现 AI 人格数据的跨设备同步、迁移与备份 - 基于 Git 私有仓库作为存储后端,保障数据隐私与可靠性 - 提供 Python 跨平台同步脚本,支持 Windows/Linux/macOS - 支持增量同步和自动冲突处理,确保多设备数据一致 - 定义核心人格结构文件:SOUL.md、IDENTITY.md、MEMORY.md、memory.jsonl
元数据
Slug persona-sync
版本 1.1.3
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 8
常见问题

Persona Sync 是什么?

在多个设备间通过 GitHub 私有仓库同步 AI 伙伴人格文件,确保记忆与个性不丢失。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 118 次。

如何安装 Persona Sync?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install persona-sync」即可一键安装,无需额外配置。

Persona Sync 是免费的吗?

是的,Persona Sync 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Persona Sync 支持哪些平台?

Persona Sync 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Persona Sync?

由 Hongyu Li(@blueraincoatli)开发并维护,当前版本 v1.1.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论