v1.0.12

Backup and restore your OpenClaw workspace to GitHub

1· 438·5 current·5 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (backup/restore to GitHub) match the required env vars (GITHUB_TOKEN, BACKUP_REPO, OPENCLAW_WORKSPACE) and the included scripts. Required inputs and documented behavior are appropriate for a GitHub-based backup tool.
Instruction Scope
SKILL.md and the two scripts limit operations to copying allowed workspace subfolders, scanning for secrets, and pushing to the configured GitHub repo. Notable caveats: the scripts fall back from rsync to a plain cp, which does not apply the same exclude flags (but a comprehensive secret-scan runs afterwards); the secret-detection regex is broad and may produce false positives that abort backups. Otherwise, the instructions do not read unrelated system files or send data to unexpected endpoints.
Install Mechanism
Instruction-only skill with bundled shell scripts; no install spec or remote downloads. Low install risk — nothing is fetched from arbitrary URLs.
Credentials
Requested environment variables are proportional to the task: repository name, workspace path, and GitHub token. The SKILL.md explicitly recommends using a fine-grained PAT limited to the backup repo (good practice).
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or modify other skills. It runs as an on-demand tool invoked by the agent or user.
Assessment
This skill appears to do what it claims. Before installing or running it:
1) create a fine-grained GitHub PAT limited to the single backup repo (Contents: Write) and set it as GITHUB_TOKEN;
2) test the scripts against a disposable workspace to observe excluded-file behavior and secret-detection false positives;
3) ensure rsync is available (the script falls back to cp which does not preserve excludes, although the secret-scan will abort if it finds leaked secrets);
4) review the included sync.sh/restore.sh yourself so you are comfortable with the exact copy/exclude rules and the git credential helper usage.
If you need automatic periodic backups or broader privileges, review and limit the token scope accordingly.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

💾 Clawdis
Env: GITHUB_TOKEN, BACKUP_REPO, OPENCLAW_WORKSPACE
