gopinathnelluri

SPIRIT State Sync

Author: Gopinath Nelluri · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
Total downloads: 772
Favorites: 0
Current installs: 0
Versions: 8
Install in OpenClaw
/install spirit
Description
State Preservation & Identity Resurrection Infrastructure Tool (SPIRIT). Preserves AI agent identity, memory, and projects to a private Git repository. NEW:...
Security usage recommendations
This skill does what it says—it reads agent identity/memory files and syncs them to a Git repo—but check a few things before installing:
- Verify the origin of the 'spirit' binary: the registry recommends Homebrew (TheOrionAI/tap) but the docs also suggest running a curl | bash installer from theorionai.github.io. Inspect that install script and prefer package-managed installs if possible.
- Confirm you trust TheOrionAI tap/GitHub repo and audit the brew formula or install script source before running. Avoid piping unknown scripts to bash.
- Be aware that the tool will read your OpenClaw workspace and ~/.spirit files (sensitive identity/memory). The registry metadata did not declare these config paths—ensure you are comfortable with that access and that you point the tool only at intended directories.
- Use a private repository and SSH/gh auth as recommended; never embed tokens in URLs. Double-check your .spirit-tracked file before any sync.
- Scheduled syncs (cron, autobackup, OpenClaw cron wake) will repeatedly read and push workspace data. If you want a smaller blast radius, test in an isolated environment first and avoid enabling automated jobs until you’ve validated behavior.
If you want a higher-confidence assessment, provide the brew formula, the content of the theorionai.github.io/install.sh script, or the upstream GitHub repo for 'spirit' so those artifacts can be inspected for hidden behavior.
Functional analysis
Type: OpenClaw Skill
Name: spirit
Version: 1.1.0
The OpenClaw AgentSkills bundle 'spirit' is designed to preserve AI agent identity and memory by syncing sensitive files (e.g., IDENTITY.md, memory/*.md) from the OpenClaw workspace to a user-configured private Git repository. This involves high-privilege operations including extensive file system access, network communication for Git operations, and persistence via cron jobs (SKILL.md, scripts/spirit-sync-cron.sh, references/cron-setup.md). While the stated purpose is legitimate backup, these capabilities inherently carry significant risk. Furthermore, the installation instructions for the 'spirit' CLI tool itself include a `curl -fsSL ... | bash` command (SKILL.md), which is a critical supply chain vulnerability and potential RCE risk, even if the skill bundle's immediate intent appears to be benign and includes security warnings.
Capability assessment
Purpose & Capability
The skill is described as a tool that preserves agent identity/memory to a private Git repo. Declaring 'spirit' and 'git' as required binaries is coherent with that purpose. However, the SKILL.md expects access to the OpenClaw workspace path (/root/.openclaw/workspace) and ~/.spirit for tracked config; the registry metadata declares no required config paths. That mismatch between metadata and instructions is a sign of sloppy or incomplete declaration and should be confirmed.
Instruction Scope
The runtime instructions are primarily limited to running 'spirit init/sync', configuring a git remote, and optionally adding cron/OpenClaw scheduled jobs. These actions align with the stated purpose (reading identity/memory files and pushing them to a Git repo). Points to note: SKILL.md references and may read ~/.spirit/.spirit-tracked and workspace files (sensitive agent data), and it tells users to set SPIRIT_SOURCE_DIR (an env var not declared in the registry). There are no unexpected remote endpoints beyond GitHub remotes the user is asked to configure.
Install Mechanism
Registry includes a Homebrew install (TheOrionAI/tap/spirit) which is a reasonable/package-managed mechanism. SKILL.md also suggests running a curl | bash installer from theorionai.github.io for restoration. Having both a brew formula and an ad-hoc install script recommended is inconsistent and increases risk: curl|bash from a GitHub Pages domain is better than a random server but is still higher-risk than a package manager. Confirm which install method you trust and inspect the install script before running it.
Credentials
The skill declares no required environment variables or credentials, which is plausible because it expects the user to configure their git remote/auth (SSH or CLI). But SKILL.md relies on SPIRIT_SOURCE_DIR and paths under /root/.openclaw/workspace — this env var is used at runtime but was not declared. Asking the user to configure git credentials (SSH keys, gh login) is necessary for the feature, but the metadata should have documented expected paths/envs. The lack of declared config paths (despite explicit workspace usage) is a discrepancy.
Persistence & Privilege
The skill is not force-enabled (always: false) and can be invoked by the agent (normal). However, SKILL.md documents cron-based scheduled syncs, an autobackup daemon, and explicit OpenClaw cron integration that can wake the main agent to run syncs — these features give the skill a persistent/automated presence and increase the effective blast radius because they will repeatedly read the workspace and push data to a remote repo. This is coherent with the purpose but worth considering as an elevated privilege.
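How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install spirit
  3. Once installation completes, call the Skill by name or trigger it with /spirit
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history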
v1.1.0
Add workspace mode with SPIRIT_SOURCE_DIR, symlinked config, optional gh requirement
v0.1.6
Add comprehensive tags for discoverability
v0.1.5
Full display name: State Preservation & Identity Resurrection Infrastructure Tool (SPIRIT)
v0.1.4
Use full name: State Preservation & Identity Resurrection Infrastructure Tool (SPIRIT)
v0.1.3
Security review: Homebrew-only, declared deps, no token-in-URL, review-before-sync warnings
v0.1.2
Add clear acronym definition: State Preservation & Identity Resurrection Infrastructure Tool
v0.1.1
Security fixes: secure auth patterns (gh CLI, credential helper), review-before-run installer guidance
v0.1.0
Initial release: AI agent state preservation with auto-sync support
Metadata
Slug spirit
Version 1.1.0
License
Total installs 0
Current installs 0
Number of versions 8
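FAQ

What is SPIRIT State Sync?

State Preservation & Identity Resurrection Infrastructure Tool (SPIRIT). Preserves AI agent identity, memory, and projects to a private Git repository. NEW:... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 772 total downloads to date.

How do I install SPIRIT State Sync?

Run the command "/install spirit" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is SPIRIT State Sync free?

Yes, SPIRIT State Sync is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does SPIRIT State Sync support?

SPIRIT State Sync runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed SPIRIT State Sync?

It is developed and maintained by Gopinath Nelluri (@gopinathnelluri); the current version is v1.1.0.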
