SPIRIT State Sync
Review
Audited by ClawScan on May 10, 2026.
Overview
SPIRIT is clear about backing up agent state, but it can continuously sync sensitive memory, identity, and project files to Git using persistent automation that deserves careful review.
Install only if you intentionally want durable agent-state backup. Before first sync, inspect `.spirit-tracked`, use a dedicated private repository, avoid syncing secrets, verify the external `spirit` installer/package, and do not enable cron or auto-backup unless you want continuous background syncing.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private conversations, project details, user preferences, and behavior-shaping agent files could be committed to a repository and later reused; if the repo contents are wrong or tampered with, future agent behavior could also be affected.
The skill intentionally persists sensitive agent memory and instruction/configuration files into Git, where they may be restored and reused across machines or future sessions.
Preserves AI agent identity, memory, and projects to a private Git repository... `SOUL.md` | Behavior/personality guidelines ... `AGENTS.md` | Agent configuration ... `memory/*.md` | Daily conversation logs ... `projects/*.md` | Active project files
Use only a dedicated private repository, review and narrow `.spirit-tracked`, avoid syncing secrets or confidential project files, and consider secret scanning and manual review before enabling automatic sync.
Once enabled, SPIRIT may continue pushing updated state to the configured Git remote on a schedule, even when the user is not actively reviewing each sync.
The guide documents scheduled agent activity and a built-in auto-backup daemon that keep running sync operations after initial setup.
openclaw cron add ... --sessionTarget isolated ... --agentTurn "Run spirit sync for automatic state preservation." ... spirit autobackup --interval=15m
Enable scheduled sync only if you want ongoing background preservation. Regularly inspect crontab/OpenClaw cron jobs, check `spirit autobackup --status`, and disable or remove jobs when no longer needed.
A spoofed or accidental message containing the trigger could cause the agent to run state sync outside the user's intended timing.
The guide makes a text prefix an authoritative trigger for running a sync command, but the artifact does not describe validating that the message came from the intended scheduled system event.
Then in your agent logic, respond to "SPIRIT:" messages by running `spirit sync`.
Prefer a direct scheduled command or script. If using system events, verify the event source/job ID and avoid triggering sync from arbitrary text prefixes.
Installing the CLI this way trusts the remote installer and whatever it downloads at install time.
The restore instructions include downloading and executing a remote installer script. This is user-directed and purpose-aligned, but it is an unpinned external install path.
curl -fsSL https://theorionai.github.io/spirit/install.sh | bash
Prefer a verified package source, inspect installer scripts before running them, and look for pinned versions, checksums, or signed releases.
Git credentials or SSH access used for the private repository could allow repository reads/writes if mishandled.
The skill relies on GitHub, SSH, or Git credential mechanisms to push to a private repository. This is expected for Git sync, but persistent credential storage is sensitive.
gh auth login ... git config credential.helper cache # or 'store' for persistence
Use least-privilege repository access, prefer SSH keys or GitHub CLI over token-in-URL patterns, and avoid `credential.helper store` unless you understand where credentials are saved.
