Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Openclaw Github Sync
v0.1.4
Keep an OpenClaw agent's non-sensitive context (selected memory, MD files, notes, and custom skills) under version control in a separate Git repository for r...
by Brad Vincent (@bradvin)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description promise (export curated workspace files to a separate git repo) matches the included scripts and declared requirements. Required binaries (git, rsync, python3) and required env var (SYNC_REMOTE) are appropriate for pushing/pulling to a git remote. Optional tools (gh, jq) are used only for repo creation or better grouping and are documented as optional.
Instruction Scope
SKILL.md and the scripts focus on exporting allowlisted files, scanning for secrets, committing, pushing, and (manual) pulling. The README and SKILL.md explicitly document the trust boundary, require manual pulls, and warn about pull-induced behavior changes. The only I/O beyond the sync repo/workspace is optional reading of OpenClaw config (openclaw.json) to target per-agent workspace pulls; this is explained in the docs and is coherent with the pull functionality.
Install Mechanism
This is an instruction-only skill with included scripts (no external install spec or remote downloads). No external, untrusted URLs are fetched or executed during normal operation—scripts run locally and use standard system tools. That is a lower-risk install model.
Credentials
The only declared required env var is SYNC_REMOTE (the git remote to push/pull), which is proportionate. Other environment variables used are optional configuration (WORKSPACE_DIR, SYNC_REPO_DIR, PULL_* flags, etc.). The skill does not demand unrelated credentials or broad secrets; Git/SSH authentication is performed against the user-provided remote and is appropriate for the task.
Persistence & Privilege
The skill is not force-included (always:false). It can be run autonomously by the agent (default model invocation allowed), and a nightly push wrapper is provided; this is expected for automation. Important: pull operations can overwrite workspace files (including skills and persona markdown), so manual control is emphasized in the docs — that explicit warning is appropriate but the user should ensure pull is never run automatically without human review.
Assessment
This skill appears to do exactly what it says: export an allowlisted subset of your OpenClaw workspace and push it to a separate git repo, and optionally pull reviewed changes back. Before installing or using it:
1) Use a private repo you control and set SYNC_REMOTE to its SSH URL.
2) Never automate pulls; only push can be scheduled.
3) Inspect and customize references/export-manifest.txt to ensure nothing sensitive is included.
4) Run the sync first in a dry-run or test workspace, and back up your workspace before performing a first pull (pull can overwrite skills and markdown and thus change agent behavior).
5) Ensure secret scanning is enabled (the included scan_secrets.py runs before commits) and avoid adding ignore rules unless you understand the risk.
6) If you use gh or jq, make sure the corresponding CLI credentials are managed under least-privilege.
If you want additional assurance, provide the openclaw.json path and run a dry-run pull (PULL_DRY_RUN=1) to preview changes before applying them.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🔄 Clawdis
Bins: git, rsync, python3
Env: SYNC_REMOTE
