ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Git Backup

v1.0.0

Backup the agent workspace to a GitHub repository. Use when: asked to save/remember something important, after significant changes to memory files, on a sche...

0· 10·0 current·0 all-time
byNetanel Abergel@netanel-abergel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Backing up the agent workspace to GitHub legitimately requires a GitHub token and git commands, which the SKILL.md uses. However, the token discovery steps and instructions to alter remote URLs are broader than strictly necessary for a simple backup and exceed a minimal, tight design.
!
Instruction Scope
The SKILL.md instructs the agent to scan multiple locations for tokens (git remote URL, environment variables, ~/.credentials/*, and ~/.bashrc) and to cat credentials files. It also instructs embedding the PAT in the remote URL (writing the token into git config /.git/config and possibly history) and to commit large parts of the workspace (including memory files). These actions can read or expose unrelated secrets and result in pushing sensitive data to an external repo. The .gitignore provided is helpful but not provably comprehensive.
Install Mechanism
Instruction-only skill with no install spec or code files — nothing will be downloaded or written by an installer. This is the lowest install risk.
!
Credentials
The skill does not declare required env vars but accesses GITHUB_TOKEN and GH_TOKEN and several file locations. It requests a full 'repo' PAT from the owner and instructs saving it as plaintext under ~/.credentials and embedding it in the remote URL. Requesting a PAT is expected, but the methods of discovery, storage, and use are disproportionate and insecure (reads arbitrary credential files, seeks tokens in shell config, requires broad repo scope).
Persistence & Privilege
The skill is not always-enabled and has no install persistence. However, the SKILL.md includes a cron schedule example (silent backups every 6 hours) and instructions that, if deployed as-is, could enable recurring autonomous pushes. Combined with the insecure token handling, scheduled/automatic invocation increases risk — but cron is only suggested, not automatically installed by the skill.
What to consider before installing
This skill generally does what it claims, but it asks the agent to search for and store GitHub PATs in ways that are insecure and could expose other secrets. Before installing or running: - Do NOT paste a PAT to the agent or accept a prompt to 'send me the token' unless you fully trust the skill. Instead create the repository yourself and configure authentication outside the agent (e.g., set the remote in the environment or use an SSH deploy key). - Avoid embedding a PAT in the remote URL (https://TOKEN@github.com/...) — that writes the token into .git/config and history. Prefer SSH keys or a token stored in a secure credential store, and use credential helpers that avoid plaintext URLs. - Inspect what will be committed: run git status / git diff and review files before the initial commit. The listed include/exclude rules may miss secrets; ensure all sensitive files are excluded. - Remove or limit the token's scope: if you must use a PAT, create a token with the minimal necessary permissions and rotate it after use. - Reject or modify the token discovery behavior: scanning ~/.bashrc and arbitrary ~/.credentials files is intrusive. If you want automated discovery, restrict it to a single, known, audited credential store and declare the env var(s) the skill will actually use. - Be cautious about scheduling silent backups. If you enable periodic runs, ensure the cron job and repository settings are safe and that the target repo is one you control. If the SKILL.md were rewritten to (1) declare required env vars, (2) stop scanning arbitrary files, (3) avoid instructing token embedding in URLs, and (4) require an explicit manual approval step that shows staged changes before pushing, my assessment would move toward benign.

Like a lobster shell, security has layers — review code before you run it.

latestvk977axctrqx7m8af0cmm2yh9kh840m8r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Git Backup Skill

Minimum Model

Any model. This is pure shell — no reasoning needed.

Step 1 — Find the GitHub Token

Run this to find the token. It checks sources in priority order:

find_github_token() {
  # 1. Check git remote URL (most common)
  TOKEN=$(git -C "$HOME/.openclaw/workspace" remote get-url origin 2>/dev/null \
    | grep -oP 'ghp_[A-Za-z0-9]+' | head -1)
  [ -n "$TOKEN" ] && echo "$TOKEN" && return

  # 2. Check standard environment variables
  [ -n "${GITHUB_TOKEN:-}" ] && echo "$GITHUB_TOKEN" && return
  [ -n "${GH_TOKEN:-}" ] && echo "$GH_TOKEN" && return

  # 3. Check credential files
  for f in ~/.credentials/github*.txt ~/.credentials/gh*.txt; do
    [ -f "$f" ] && cat "$f" | head -1 | tr -d '[:space:]' && return
  done

  # 4. Check ~/.bashrc for embedded token
  TOKEN=$(grep -oP 'ghp_[A-Za-z0-9]+' ~/.bashrc 2>/dev/null | head -1)
  [ -n "$TOKEN" ] && echo "$TOKEN" && return

  # Not found — return empty
  echo ""
}

TOKEN=$(find_github_token)

If TOKEN is empty → stop and ask the owner:

I need a GitHub Personal Access Token to back up your workspace.
Go to: github.com → Settings → Developer Settings → Personal access tokens → Generate new token
Required permission: repo (full)
Send me the token (starts with ghp_)

After receiving the token, save it:

# Save token to credentials file
echo "$TOKEN" > ~/.credentials/github-token.txt
chmod 600 ~/.credentials/github-token.txt

# Update the git remote URL to include the token
git -C "$HOME/.openclaw/workspace" remote set-url origin \
  "https://${TOKEN}@github.com/GITHUB_USERNAME/REPO_NAME.git"

Step 2 — First-Time Setup (Run Once)

Check if the repo already exists

TOKEN=$(find_github_token)
REPO_NAME="pa-workspace-backup"    # change to your repo name
GITHUB_USER="github-username"       # change to your GitHub username

# HTTP 200 = repo exists, 404 = need to create it
STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
  -H "Authorization: token $TOKEN" \
  "https://api.github.com/repos/$GITHUB_USER/$REPO_NAME")

echo "Repo check: HTTP $STATUS"

Create the repo (if HTTP 404)

curl -s -X POST "https://api.github.com/user/repos" \
  -H "Authorization: token $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"name\": \"$REPO_NAME\", \"private\": true, \"description\": \"PA workspace backup\"}" \
  | python3 -c "
import sys, json
d = json.load(sys.stdin)
if 'html_url' in d:
    print('Created:', d['html_url'])
else:
    print('ERROR:', d)
    sys.exit(1)
"

Initialize git (if no .git folder)

cd ~/.openclaw/workspace

# Initialize the repo
git init
git config user.email "agent@openclaw.ai"
git config user.name "PA Agent"
git remote add origin "https://$TOKEN@github.com/$GITHUB_USER/$REPO_NAME.git"

# Create .gitignore to exclude secrets and temp files
cat > .gitignore << 'EOF'
*.log
.env
credentials/
*.key
*.pem
node_modules/
__pycache__/
.DS_Store
EOF

# Initial commit and push
git add -A
git commit -m "Initial workspace backup"
git push -u origin main

Step 3 — Regular Backup

Run this whenever you need to back up:

backup_workspace() {
  WORKSPACE="${1:-$HOME/.openclaw/workspace}"
  cd "$WORKSPACE" || { echo "ERROR: cannot cd to $WORKSPACE"; return 1; }

  # Check for token
  TOKEN=$(find_github_token)
  if [ -z "$TOKEN" ]; then
    echo "BLOCKED: No GitHub token found. Ask owner for PAT."
    return 1
  fi

  # Check git is initialized
  if [ ! -d ".git" ]; then
    echo "BLOCKED: Git not initialized. Run first-time setup first."
    return 1
  fi

  # Stage all changes
  git add -A

  # Count how many files changed
  CHANGES=$(git diff --cached --name-only | wc -l)

  # Nothing to do?
  if [ "$CHANGES" -eq 0 ]; then
    echo "Nothing to backup — workspace unchanged."
    return 0
  fi

  # Commit with timestamp and push
  DATE=$(date -u "+%Y-%m-%d %H:%M UTC")
  git commit -m "Auto backup $DATE"
  git push origin main 2>&1

  echo "Backup complete — $CHANGES files updated."
}

backup_workspace

If push fails with "non-fast-forward":

# Pull remote changes first, then push
git pull --rebase origin main
git push origin main

If push fails with 401 (token expired):

# Ask owner for a new PAT, then update the remote URL
git remote set-url origin "https://NEW_TOKEN@github.com/GITHUB_USERNAME/REPO_NAME.git"

When to Back Up

Run a backup when:

  • Owner says "remember this" / "save this"
  • You update MEMORY.md, SOUL.md, or daily notes
  • After completing a significant task
  • On a schedule (see cron config below)

Cron Config

{
  "jobs": [
    {
      "id": "workspace-backup",
      "schedule": "0 */6 * * *",
      "timezone": "UTC",
      "task": "Run git backup of the workspace to GitHub. Use the git-backup skill. Commit all changes and push. Report DONE or BLOCKED.",
      "delivery": {
        "mode": "silent"
      }
    }
  ]
}

Runs every 6 hours silently. Change to "0 23 * * *" for nightly only.

What to Include / Exclude

Always include:

  • MEMORY.md, SOUL.md, AGENTS.md, TOOLS.md
  • memory/ — daily notes
  • skills/ — installed skills
  • .learnings/ — corrections and learnings
  • data/ — PA directory and other data
  • config/ — MCP and other configs

Always exclude (add to .gitignore):

  • API keys, tokens, secrets
  • credentials/ directory
  • Log files (*.log)
  • Node modules, Python cache

Cost Tips

  • Very cheap: Pure git/bash — no LLM tokens used during backup
  • Small model OK: Any model can trigger this skill
  • Batch: Commit all changes in one git add -A and one push — not file by file
  • Schedule wisely: Every 6 hours is enough. More frequent = noise in git history

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…