ClawHub

Claw Roam

v1.0.3

Sync OpenClaw workspace between multiple machines (local Mac and remote VPS) via Git. Enables seamless migration of OpenClaw personality, memory, and skills. Use when user wants to (1) push workspace changes to remote before shutdown, (2) pull latest workspace on a new machine, (3) check sync status between machines, (4) migrate OpenClaw to another machine.

1· 1.9k·1 current·2 all-time
byReed@reed1898
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the behavior. The SKILL.md and the included shell script implement git-based push/pull/status/sync workflows for ~/.openclaw/workspace. No unrelated services, credentials, or binaries are requested.
Instruction Scope
Instructions and the script operate squarely on the workspace git repo. They automatically add/commit/push changes and suggest cron auto-push and changing Telegram webhooks. These behaviors are expected for a sync tool but carry data-exposure risk: automatic commits/pushes (and recommended cron jobs) can publish secrets or sensitive files to the configured remote if .gitignore is incomplete or the remote is untrusted. The SKILL.md also suggests updating webhook/token settings (operational guidance, not performed by the script).
Install Mechanism
This is an instruction-only skill with a shell script included; there is no install spec that downloads external artifacts. Nothing is fetched from arbitrary URLs or installed automatically by the skill package.
Credentials
The skill declares no required env vars, which is reasonable because it relies on the user's existing git credentials and environment. The script does check the OPENCLAW_VPS environment variable and /etc/openclaw/vps file to detect VPS context (optional behavior), but these are read-only checks. Important: git push/pull operations will use whatever git auth (SSH keys, credential helpers, tokens) the host already has — the skill does not request credentials but will transmit repo contents to whichever remote is configured.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges or modify other skills/config. It does not autonomously install itself or alter global agent settings.
Assessment
This skill is coherent for syncing an OpenClaw workspace via git, but take these precautions before installing/using it: (1) Verify and trust the configured git remote URL — anything you push is sent to that remote. (2) Review and update .gitignore to prevent committing credentials, tokens, keys, or other sensitive files. (3) Avoid enabling the suggested cron auto-push unless you are sure nothing sensitive will be committed automatically. (4) Inspect scripts/claw-roam.sh yourself (it’s included) so you understand exactly what will run. (5) Be aware the script will use whatever git credentials are present on the machine (SSH keys, credential helpers) — it does not ask for or store new credentials. If you want stronger safety, run commands manually or restrict the repo to a private, trusted host.

Like a lobster shell, security has layers — review code before you run it.

latestvk970ayq0d0zpgwd7q44v8zfpq180mt8f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments