OpenClaw Sync Bridge

What to consider before installing: - Don't pipe remote scripts to your shell without review. The README/ SKILL.md recommend curl | bash from clawhub.ai — prefer to inspect the script first or use the included local files (install.sh, sync_bridge.py) bundled in the skill. - The skill needs a GitHub token with gist permission. Limit the token scope to only 'gist' and consider using a token dedicated to syncing (not your primary account token). - The code appears to only communicate with api.github.com for Gist operations; sync_config.json (which stores the token) is listed in the ignore rules and should not be uploaded. Still, inspect the code (sync_bridge.py) yourself before trusting it — some parts of the file were truncated in the review and a full read mitigates risk. - The installer will add an alias to your shell rc files and may create $HOME/.local/bin; expect these user-level modifications and back up your dotfiles first. - If you want to be cautious: install locally by copying the included files to a folder, run the local install.sh after reading it, or run python3 sync_bridge.py directly from the package directory. Consider testing in an isolated or disposable environment first. - If you plan to sync across devices, verify the IGNORE_PATTERNS actually cover all sensitive files you don't want uploaded. There is a small implementation nuance where file ignore logic uses substring checks which could have unintended effects — review the code and confirm sensitive files are never sent. If you want, I can: (a) point out the exact lines in sync_bridge.py that implement ignores, create/update Gists, and read/write the token, or (b) produce a safe, minimal checklist and commands to install without contacting clawhub.ai.