nickconstantinou

Publish

Author: nickconstantinou · GitHub ↗ · v1.0.12
cross-platform ✓ Security check passed
480 total downloads · 1 favorite · 5 current installs · 3 versions
Install in OpenClaw
/install publish
Description
Backup and restore your OpenClaw workspace to GitHub
Usage (SKILL.md)

ClawSync

Backup and restore your OpenClaw workspace to GitHub.

⚠️ Security First

This skill is designed with defense-in-depth. Please read carefully.

What It Backs Up

Category     | Files                                    | Status
Skills       | All from $OPENCLAW/skills/               | See notes below
Scripts      | All from $OPENCLAW/scripts/              | See notes below
Project Code | All from $OPENCLAW/workspace/projects/   | Excluding credentials

What It Does NOT Back Up (Personal/Workspace-Specific)

These files are explicitly excluded as they are personal or workspace-specific:

  • AGENTS.md, SOUL.md, USER.md, TOOLS.md, IDENTITY.md, HEARTBEAT.md — Personal agent configuration
  • SITES.md — May contain API keys/secrets
  • MEMORY.md — Contains sensitive conversation data
  • Any file in credentials/, .env, node_modules/

What It Excludes

  • ❌ API keys and tokens (any format)
  • ❌ Credentials folder
  • ❌ .env files
  • ❌ node_modules
  • ❌ .git directories
  • ❌ Nested git repositories
  • ❌ Files containing secrets (detected by regex)

Secret Detection

ClawSync scans for these secret patterns:

  • GitHub tokens (ghp_*)
  • OpenAI keys (sk-*)
  • Google API keys (AIza*)
  • Slack tokens (xoxb-*, xoxp-*)
  • AWS access keys (AKIA*)
  • JWTs and bearer tokens
  • Private keys (-----BEGIN * PRIVATE KEY-----)
  • High-entropy strings

If any are detected → backup aborts before push.
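
One way to implement the scan-then-abort gate described above, as an added example (not ClawSync's sync.sh). The regexes and the function names `scan_for_secrets` and `stage_if_clean` are assumptions built from the prefixes listed; JWT and entropy checks are left out.

```shell
#!/bin/sh
# Added example, not ClawSync's sync.sh. The regexes are assumptions: the page
# names only the prefixes (ghp_, sk-, AIza, xoxb-/xoxp-, AKIA, PEM headers).
SECRET_RE='ghp_[A-Za-z0-9]{36}'                              # GitHub PAT
SECRET_RE="$SECRET_RE|sk-[A-Za-z0-9]{20,}"                   # OpenAI-style key
SECRET_RE="$SECRET_RE|AIza[0-9A-Za-z_-]{35}"                 # Google API key
SECRET_RE="$SECRET_RE|xox[bp]-[A-Za-z0-9-]{10,}"             # Slack token
SECRET_RE="$SECRET_RE|AKIA[0-9A-Z]{16}"                      # AWS access key ID
SECRET_RE="$SECRET_RE|-----BEGIN [A-Z ]*PRIVATE KEY-----"    # PEM private key

# List every regular file under $1 (skipping .git) that matches a pattern.
# Returns 0 when the tree is clean, 1 when at least one file matches.
scan_for_secrets() {
  hits=$(find "$1" -name .git -prune -o -type f \
           -exec grep -lE -e "$SECRET_RE" {} + 2>/dev/null) || true
  [ -z "$hits" ] && return 0
  printf 'Error: Potential secret detected in:\n%s\n' "$hits" >&2
  return 1
}

# Gate: refuse to stage anything unless the whole directory scans clean.
# Scanning the directory (not the git index) catches unstaged files too.
stage_if_clean() {
  scan_for_secrets "$1" || return 1
  git -C "$1" add -A
}

# Demo on a constructed tree; the token below is a fake sample value.
demo() {
  d=$(mktemp -d)
  mkdir -p "$d/skills" "$d/scripts"
  echo 'echo hello' > "$d/scripts/ok.sh"
  echo 'key: ghp_test1234567890abcdefghijklmnopqrstuvwxyz' > "$d/skills/notes.md"
  if scan_for_secrets "$d"; then echo "clean"; else echo "aborted"; fi
  rm -rf "$d"
}
demo
```

Broad prefixes such as `sk-` will also match ordinary hyphenated words followed by long alphanumeric runs, so expect some false-positive aborts.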

Environment Variables (Required)

export GITHUB_TOKEN="ghp_xxxx"
export BACKUP_REPO="username/repo-name"
export OPENCLAW_WORKSPACE="${HOME}/openclaw-workspace"

🔐 Recommended: Fine-Grained PAT

For least privilege, use a GitHub Fine-Grained PAT:

  1. Go to GitHub → Settings → Developer settings → Personal access tokens → Fine-grained tokens
  2. Create new token with:
    • Repository access: Only $BACKUP_REPO
    • Permissions: Contents: Write
  3. Use this token as GITHUB_TOKEN

Quick Start

git clone https://github.com/your-username/clawsync.git ~/clawsync
cd ~/clawsync
cp .env.example .env
# Edit .env with your values
bash sync.sh

Features

  • Pre-flight Check: Validates required env vars before running
  • Strict Whitelist: Only copies explicitly allowed files
  • Deny List: Filters out .git, credentials, node_modules
  • Secret Scrubbing: Detects 100+ secret patterns, aborts if found
  • Safe Restore: Requires --force or confirmation before overwriting

Safe Restore

# With confirmation (default)
bash restore.sh

# Force mode (no prompt)
bash restore.sh --force

Auth

Uses gh CLI if available, falls back to token auth.

Files

  • sync.sh - Backup script (ShellCheck compliant)
  • restore.sh - Restore script
  • .env_example - Template
  • .gitignore - Blocks secrets

Development & Release

Running Tests Locally

# Set up test workspace
mkdir -p /tmp/test-workspace
echo "test" > /tmp/test-workspace/AGENTS.md
echo "test" > /tmp/test-workspace/USER.md
mkdir -p /tmp/test-workspace/skills /tmp/test-workspace/scripts

# Run integration test
export BACKUP_REPO="test/repo"
export OPENCLAW_WORKSPACE="/tmp/test-workspace"
export GITHUB_TOKEN="dummy"

cd /tmp && rm -rf test-backup-repo && mkdir test-backup-repo
cd test-backup-repo && git init
cp ~/clawsync/sync.sh .
bash sync.sh

Testing Secret Detection

# Create a test file with a fake secret
echo "My API key is ghp_test1234567890abcdefghijklmnopqrstuvwxyz" > /tmp/test-workspace/AGENTS.md

# Run sync - should abort with error
bash sync.sh

# Expected output: "Error: Potential secret detected..."

Security Audit Test (Proves Non-Staged Detection)

This test verifies the script catches secrets BEFORE they are staged:

# Set up test workspace
export BACKUP_REPO="test/repo"
export OPENCLAW_WORKSPACE="/tmp/test-workspace"
export GITHUB_TOKEN="dummy"

# Create workspace with secret in a non-staged file
mkdir -p /tmp/test-workspace
echo "Real API key: sk-realapikey12345678901234567890" > /tmp/test-workspace/AGENTS.md

# Copy sync.sh to temp backup dir
cd /tmp && rm -rf audit-test && mkdir audit-test && cd audit-test
git init
cp ~/clawsync/sync.sh .

# Run sync - should FAIL (catches non-staged secret)
bash sync.sh

# Expected: "Error: Potential secret detected in backup directory!"
# This proves the pre-git-add scanning works

Publishing to ClawHub

The CI runs on every push and pull request:

  1. ShellCheck - Lints bash scripts
  2. Integration test - Verifies backup/restore works

To publish a new version:

git add -A
git commit -m "Release v1.0.x"
git tag v1.0.x
git push origin master --tags

CI will automatically:

  • Run tests
  • If tests pass and tag starts with v*, publish to ClawHub
Security Usage Recommendations
This skill appears to do what it claims. Before installing or running it: 1) create a fine-grained GitHub PAT limited to the single backup repo (Contents: Write) and set it as GITHUB_TOKEN; 2) test the scripts against a disposable workspace to observe excluded-file behavior and secret-detection false positives; 3) ensure rsync is available (the script falls back to cp which does not preserve excludes, although the secret-scan will abort if it finds leaked secrets); 4) review the included sync.sh/restore.sh yourself so you are comfortable with the exact copy/exclude rules and the git credential helper usage. If you need automatic periodic backups or broader privileges, review and limit the token scope accordingly.
Functional Analysis
Type: OpenClaw Skill · Name: publish · Version: 1.0.12
The OpenClaw AgentSkills bundle 'publish' is classified as benign. The skill's purpose is to securely backup and restore an OpenClaw workspace to a user-specified GitHub repository. Both the `SKILL.md` documentation and the `sync.sh` and `restore.sh` scripts demonstrate a strong focus on security, including comprehensive secret scanning (using a robust regex pattern) across the entire backup directory before any git operations, explicit exclusion lists for sensitive files (e.g., `SITES.md`, `MEMORY.md`, `.env`, `credentials`), and secure handling of GitHub tokens via `gh auth` or `git credential helper`. The `SKILL.md` also provides clear instructions and even security audit tests, indicating transparency rather than malicious intent or prompt injection attempts. There is no evidence of data exfiltration to unauthorized endpoints, persistence mechanisms, or other malicious behaviors.
Capability Assessment
Purpose & Capability
Name/description (backup/restore to GitHub) match the required env vars (GITHUB_TOKEN, BACKUP_REPO, OPENCLAW_WORKSPACE) and the included scripts. Required inputs and documented behavior are appropriate for a GitHub-based backup tool.
Instruction Scope
SKILL.md and the two scripts limit operations to copying allowed workspace subfolders, scanning for secrets, and pushing to the configured GitHub repo. Notable caveats: the scripts fall back from rsync to a plain cp which does not apply the same exclude flags (but a comprehensive secret-scan runs afterwards); the secret-detection regex is broad and may produce false positives that abort backups. Otherwise, the instructions do not read unrelated system files or send data to unexpected endpoints.
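
The cp fallback noted above copies denied paths that rsync would have excluded. This added example (not the skill's own sync.sh) enforces the deny list on the copied tree afterwards; `copy_tree`, `prune_denied`, `count_denied` and the `FORCE_CP` switch are hypothetical names, and the deny list is taken from the exclusion lists in SKILL.md.

```shell
#!/bin/sh
# Added example, not the skill's sync.sh: enforce the deny list on the staged
# copy itself, so it holds whether rsync or plain cp did the copying.
DENY_DIRS='.git node_modules credentials'
DENY_FILES='.env SITES.md MEMORY.md AGENTS.md SOUL.md USER.md TOOLS.md IDENTITY.md HEARTBEAT.md'

# Delete every denied directory or file at any depth under $1.
prune_denied() {
  for n in $DENY_DIRS; do
    find "$1" -depth -type d -name "$n" -exec rm -rf {} +
  done
  for n in $DENY_FILES; do
    find "$1" -type f -name "$n" -exec rm -f {} +
  done
}

# Copy $1 into $2, then prune. cp cannot express excludes, so the prune is
# what makes the fallback safe. FORCE_CP (hypothetical) forces the cp branch.
copy_tree() {
  mkdir -p "$2"
  if command -v rsync >/dev/null 2>&1 && [ -z "${FORCE_CP:-}" ]; then
    ex=''
    for n in $DENY_DIRS $DENY_FILES; do ex="$ex --exclude=$n"; done
    rsync -a $ex "$1"/ "$2"/   # $ex is left unquoted so it splits into flags
  else
    cp -R "$1"/. "$2"/
  fi
  prune_denied "$2"
}

# Count denied entries left under $1 (0 means the deny list holds).
count_denied() {
  c=0
  for n in $DENY_DIRS $DENY_FILES; do
    c=$((c + $(find "$1" -name "$n" | wc -l)))
  done
  echo "$c"
}

# Demo on a constructed workspace, forcing the cp fallback path.
demo_prune() {
  dw=$(mktemp -d)
  mkdir -p "$dw/src/skills/x/node_modules" "$dw/src/credentials" "$dw/src/scripts"
  echo 'TOKEN=fake' > "$dw/src/.env"; echo 'run' > "$dw/src/scripts/run.sh"
  FORCE_CP=1; copy_tree "$dw/src" "$dw/dst"; unset FORCE_CP
  left=$(count_denied "$dw/dst"); kept=$(find "$dw/dst" -type f | wc -l | tr -d ' ')
  rm -rf "$dw"; echo "denied=$left kept=$kept"
}
demo_prune
```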
Install Mechanism
Instruction-only skill with bundled shell scripts; no install spec or remote downloads. Low install risk — nothing is fetched from arbitrary URLs.
Credentials
Requested environment variables are proportional to the task: repository name, workspace path, and GitHub token. The SKILL.md explicitly recommends using a fine-grained PAT limited to the backup repo (good practice).
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or modify other skills. It runs as an on-demand tool invoked by the agent or user.
How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install publish
  3. After installation, call the Skill by name or use /publish to trigger it
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version History
v1.0.12
  • Expanded backup scope to include project code from `$OPENCLAW/workspace/projects/`, excluding credentials.
  • Updated documentation to clarify excluded files, especially personal/workspace-specific files like AGENTS.md and configuration data.
  • Removed `scripts/test.sh` from the repository.
  • Minor updates to `README.md`, `SKILL.md`, and `sync.sh` to align with new backup/exclusion rules.
v1.0.10
  • Added scripts/test.sh to the repository.
  • This addition enables a test script for easier testing or CI integration.
v1.0.9
  • Added comprehensive documentation in SKILL.md detailing backup, exclusion, and secret detection policies.
  • Clarified which files are included/excluded during backup for improved security transparency.
  • Outlined required environment variables and best practices for GitHub PAT usage.
  • Provided step-by-step instructions for setup, usage, and local testing, including security audit scenarios.
  • Documented the CI/CD and release process for easier contribution and publishing.
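Metadata
Slug publish
Version 1.0.12
License
Total installs 5
Current installs 5
Version count 3
FAQ

What is Publish?

Backup and restore your OpenClaw workspace to GitHub. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 480 total downloads to date.

How do I install Publish?

Run the command "/install publish" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Publish free?

Yes. Publish is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Publish support?

Publish runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Publish?

Developed and maintained by nickconstantinou (@nickconstantinou); the current version is v1.0.12.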
