Data Sync
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is a coherent data-sync tool, but it can upload and overwrite Claude configuration, skills, hooks, and memory through a hard-coded root SSH server and GitHub repos, so it needs careful review before use.
Install only if you own and trust the relay server and GitHub repositories listed in sync-registry.md. Back up `~/.claude` first, inspect diffs before every pull or push, avoid syncing secrets, prefer a non-root restricted SSH account, and ensure the GitHub archive is private and access-controlled.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the server or SSH account is not fully controlled by the user, sensitive Claude configuration and memory can be read or modified through the sync process.
The sync target is a fixed external server accessed as root with SSH keys. That is privileged account access and is not scoped to a per-user, least-privilege relay account.
| IP | `129.211.0.193` |
| User | `root` |
| Authentication | SSH key |
Use only a user-owned relay, prefer a non-root restricted SSH account or deploy key, and clearly declare the credential and server requirements before installation.
A mistaken or malicious local change in `.claude` or the knowledge base could be committed and propagated to other machines.
`git add -A` stages all changes in the configured repositories, including deletions, and the workflow then commits and pushes them to the relay.
git -C <local path> add -A
git -C <local path> commit -m "sync: <auto-generated change summary>"
git -C <local path> push relay <branch>
Require explicit per-repository and per-file confirmation, show a dry-run diff, avoid blanket `add -A` where possible, and maintain clear rollback instructions.
Private notes may be uploaded to the relay/GitHub archive, and poisoned or incorrect memory content can be pulled back and influence future work.
The skill syncs memory, knowledge-base, skill-factory, and SOP content, which can become persistent context reused by future agent sessions.
| knowledge-base | Memory library, skill-factory, distilled documents, SOP | `<project root>/VScode辅助工作学习` |
Limit synced paths, exclude secrets and private notes by default, review diffs before pull/push, and consider signed commits or a trusted review branch for memory changes.
A bad commit, compromised relay, or mistaken push can spread altered skills, hooks, configuration, and memory to every synced machine.
The architecture intentionally propagates the relay state across multiple computers.
Computer A ←──(pull/push)──→ Server relay (latest and most complete) ←──(pull/push)──→ Computer B
Add containment controls such as signed commits, protected branches, backups before pull, rollback commands, and explicit review before applying remote changes to `.claude`.
Users may over-trust the sync and skip backups or diff review before applying remote changes.
This safety claim is too absolute for a workflow that uses git pull and `git add -A`; remote commits can change or delete tracked files, and `add -A` can stage deletions.
Local data is always safe: all operations only add and never delete, and no destructive git commands are used
Replace the absolute safety wording with accurate limitations, require backups before high-impact operations, and clearly explain when files can be changed or removed.
The installer may not warn users that shell tools and SSH access are needed before the skill is invoked.
The skill is instruction-only, but the documented workflow depends on git and SSH. This is under-declared setup metadata, although the commands themselves are visible in SKILL.md.
No install spec — this is an instruction-only skill. Required binaries: none.
Declare git and SSH prerequisites in metadata and document the exact server, account, and repository trust assumptions.
