{ "schemaVersion": "1.0", "item": { "slug": "clawsync", "name": "Clawsync", "source": "tencent", "type": "skill", "category": "效率提升", "sourceUrl": "https://clawhub.ai/nickconstantinou/clawsync", "canonicalUrl": "https://clawhub.ai/nickconstantinou/clawsync", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/clawsync", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=clawsync", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "AGENTS.md", "HEARTBEAT.md", "IDENTITY.md", "README.md", "SITES.md", "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "slug": "clawsync", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-29T12:06:10.419Z", "expiresAt": "2026-05-06T12:06:10.419Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=clawsync", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=clawsync", "contentDisposition": "attachment; filename=\"clawsync-1.0.6.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "clawsync" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/clawsync" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/clawsync", "agentPageUrl": "https://openagent3.xyz/skills/clawsync/agent", "manifestUrl": "https://openagent3.xyz/skills/clawsync/agent.json", "briefUrl": "https://openagent3.xyz/skills/clawsync/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "ClawSync", "body": "Backup and restore your OpenClaw workspace to GitHub." }, { "title": "⚠️ Security First", "body": "This skill is designed with defense-in-depth. Please read carefully." }, { "title": "What It Backs Up", "body": "CategoryFilesStatusIdentity FilesAGENTS.md, SOUL.md, USER.md, TOOLS.md, IDENTITY.md, HEARTBEAT.md✅ SafeSkillsAll from $OPENCLAW/skills/⚠️ Manual reviewScriptsAll from $OPENCLAW/scripts/⚠️ Manual review" }, { "title": "Why Some Files Are Not Backed Up", "body": "The following files are NOT backed up by design:\n\nSITES.md — May contain API keys/secrets\nMEMORY.md — May contain sensitive conversation data\nAny file in credentials/, .env, node_modules/" }, { "title": "What It Excludes", "body": "❌ API keys and tokens (any format)\n❌ Credentials folder\n❌ .env files\n❌ node_modules\n❌ .git directories\n❌ Nested git repositories\n❌ Files containing secrets (detected by regex)" }, { "title": "Secret Detection", "body": "ClawSync scans for these secret patterns:\n\nGitHub tokens (ghp_*)\nOpenAI keys (sk-*)\nGoogle API keys (AIza*)\nSlack tokens (xoxb-*, xoxp-*)\nAWS access keys (AKIA*)\nJWTs and bearer tokens\nPrivate keys (-----BEGIN * PRIVATE KEY-----)\nHigh-entropy strings\n\nIf any are detected → backup aborts before push." }, { "title": "Environment Variables (Required)", "body": "export GITHUB_TOKEN=\"ghp_xxxx\"\nexport BACKUP_REPO=\"username/repo-name\"\nexport OPENCLAW_WORKSPACE=\"${HOME}/openclaw-workspace\"" }, { "title": "🔐 Recommended: Fine-Grained PAT", "body": "For least privilege, use a GitHub Fine-Grained PAT:\n\nGo to GitHub → Settings → Developer settings → Personal access tokens → Fine-grained tokens\nCreate new token with:\n\nRepository access: Only $BACKUP_REPO\nPermissions: Contents: Write\n\n\nUse this token as GITHUB_TOKEN" }, { "title": "Quick Start", "body": "git clone https://github.com/your-username/clawsync.git ~/clawsync\ncp .env.example .env\n# Edit .env with your values\nbash sync.sh" }, { "title": "Features", "body": "Pre-flight Check: Validates required env vars before running\nStrict Whitelist: Only copies explicitly allowed files\nDeny List: Filters out .git, credentials, node_modules\nSecret Scrubbing: Detects 100+ secret patterns, aborts if found\nSafe Restore: Requires --force or confirmation before overwriting" }, { "title": "Safe Restore", "body": "# With confirmation (default)\nbash restore.sh\n\n# Force mode (no prompt)\nbash restore.sh --force" }, { "title": "Auth", "body": "Uses gh CLI if available, falls back to token auth." }, { "title": "Files", "body": "sync.sh - Backup script (ShellCheck compliant)\nrestore.sh - Restore script\n.env_example - Template\n.gitignore - Blocks secrets" }, { "title": "Running Tests Locally", "body": "# Set up test workspace\nmkdir -p /tmp/test-workspace\necho \"test\" > /tmp/test-workspace/AGENTS.md\necho \"test\" > /tmp/test-workspace/USER.md\nmkdir -p /tmp/test-workspace/skills /tmp/test-workspace/scripts\n\n# Run integration test\nexport BACKUP_REPO=\"test/repo\"\nexport OPENCLAW_WORKSPACE=\"/tmp/test-workspace\"\nexport GITHUB_TOKEN=\"dummy\"\n\ncd /tmp && rm -rf test-backup-repo && mkdir test-backup-repo\ncd test-backup-repo && git init\ncp ~/clawsync/sync.sh .\nbash sync.sh" }, { "title": "Testing Secret Detection", "body": "# Create a test file with a fake secret\necho \"My API key is ghp_test1234567890abcdefghijklmnopqrstuvwxyz\" > /tmp/test-workspace/AGENTS.md\n\n# Run sync - should abort with error\nbash sync.sh\n\n# Expected output: \"Error: Potential secret detected...\"" }, { "title": "Security Audit Test (Proves Non-Staged Detection)", "body": "This test verifies the script catches secrets BEFORE they are staged:\n\n# Set up test workspace\nexport BACKUP_REPO=\"test/repo\"\nexport OPENCLAW_WORKSPACE=\"/tmp/test-workspace\"\nexport GITHUB_TOKEN=\"dummy\"\n\n# Create workspace with secret in a non-staged file\nmkdir -p /tmp/test-workspace\necho \"Real API key: sk-realapikey12345678901234567890\" > /tmp/test-workspace/AGENTS.md\n\n# Copy sync.sh to temp backup dir\ncd /tmp && rm -rf audit-test && mkdir audit-test && cd audit-test\ngit init\ncp ~/clawsync/sync.sh .\n\n# Run sync - should FAIL (catches non-staged secret)\nbash sync.sh\n\n# Expected: \"Error: Potential secret detected in backup directory!\"\n# This proves the pre-git-add scanning works" }, { "title": "Publishing to ClawHub", "body": "The CI runs on every push and pull request:\n\nShellCheck - Lints bash scripts\nIntegration test - Verifies backup/restore works\n\nTo publish a new version:\n\ngit add -A\ngit commit -m \"Release v1.0.x\"\ngit tag v1.0.x\ngit push origin master --tags\n\nCI will automatically:\n\nRun tests\nIf tests pass and tag starts with v*, publish to ClawHub" } ], "body": "ClawSync\n\nBackup and restore your OpenClaw workspace to GitHub.\n\n⚠️ Security First\n\nThis skill is designed with defense-in-depth. Please read carefully.\n\nWhat It Backs Up\nCategory\tFiles\tStatus\nIdentity Files\tAGENTS.md, SOUL.md, USER.md, TOOLS.md, IDENTITY.md, HEARTBEAT.md\t✅ Safe\nSkills\tAll from $OPENCLAW/skills/\t⚠️ Manual review\nScripts\tAll from $OPENCLAW/scripts/\t⚠️ Manual review\nWhy Some Files Are Not Backed Up\n\nThe following files are NOT backed up by design:\n\nSITES.md — May contain API keys/secrets\nMEMORY.md — May contain sensitive conversation data\nAny file in credentials/, .env, node_modules/\nWhat It Excludes\n❌ API keys and tokens (any format)\n❌ Credentials folder\n❌ .env files\n❌ node_modules\n❌ .git directories\n❌ Nested git repositories\n❌ Files containing secrets (detected by regex)\nSecret Detection\n\nClawSync scans for these secret patterns:\n\nGitHub tokens (ghp_*)\nOpenAI keys (sk-*)\nGoogle API keys (AIza*)\nSlack tokens (xoxb-*, xoxp-*)\nAWS access keys (AKIA*)\nJWTs and bearer tokens\nPrivate keys (-----BEGIN * PRIVATE KEY-----)\nHigh-entropy strings\n\nIf any are detected → backup aborts before push.\n\nEnvironment Variables (Required)\nexport GITHUB_TOKEN=\"ghp_xxxx\"\nexport BACKUP_REPO=\"username/repo-name\"\nexport OPENCLAW_WORKSPACE=\"${HOME}/openclaw-workspace\"\n\n🔐 Recommended: Fine-Grained PAT\n\nFor least privilege, use a GitHub Fine-Grained PAT:\n\nGo to GitHub → Settings → Developer settings → Personal access tokens → Fine-grained tokens\nCreate new token with:\nRepository access: Only $BACKUP_REPO\nPermissions: Contents: Write\nUse this token as GITHUB_TOKEN\nQuick Start\ngit clone https://github.com/your-username/clawsync.git ~/clawsync\ncp .env.example .env\n# Edit .env with your values\nbash sync.sh\n\nFeatures\nPre-flight Check: Validates required env vars before running\nStrict Whitelist: Only copies explicitly allowed files\nDeny List: Filters out .git, credentials, node_modules\nSecret Scrubbing: Detects 100+ secret patterns, aborts if found\nSafe Restore: Requires --force or confirmation before overwriting\nSafe Restore\n# With confirmation (default)\nbash restore.sh\n\n# Force mode (no prompt)\nbash restore.sh --force\n\nAuth\n\nUses gh CLI if available, falls back to token auth.\n\nFiles\nsync.sh - Backup script (ShellCheck compliant)\nrestore.sh - Restore script\n.env_example - Template\n.gitignore - Blocks secrets\nDevelopment & Release\nRunning Tests Locally\n# Set up test workspace\nmkdir -p /tmp/test-workspace\necho \"test\" > /tmp/test-workspace/AGENTS.md\necho \"test\" > /tmp/test-workspace/USER.md\nmkdir -p /tmp/test-workspace/skills /tmp/test-workspace/scripts\n\n# Run integration test\nexport BACKUP_REPO=\"test/repo\"\nexport OPENCLAW_WORKSPACE=\"/tmp/test-workspace\"\nexport GITHUB_TOKEN=\"dummy\"\n\ncd /tmp && rm -rf test-backup-repo && mkdir test-backup-repo\ncd test-backup-repo && git init\ncp ~/clawsync/sync.sh .\nbash sync.sh\n\nTesting Secret Detection\n# Create a test file with a fake secret\necho \"My API key is ghp_test1234567890abcdefghijklmnopqrstuvwxyz\" > /tmp/test-workspace/AGENTS.md\n\n# Run sync - should abort with error\nbash sync.sh\n\n# Expected output: \"Error: Potential secret detected...\"\n\nSecurity Audit Test (Proves Non-Staged Detection)\n\nThis test verifies the script catches secrets BEFORE they are staged:\n\n# Set up test workspace\nexport BACKUP_REPO=\"test/repo\"\nexport OPENCLAW_WORKSPACE=\"/tmp/test-workspace\"\nexport GITHUB_TOKEN=\"dummy\"\n\n# Create workspace with secret in a non-staged file\nmkdir -p /tmp/test-workspace\necho \"Real API key: sk-realapikey12345678901234567890\" > /tmp/test-workspace/AGENTS.md\n\n# Copy sync.sh to temp backup dir\ncd /tmp && rm -rf audit-test && mkdir audit-test && cd audit-test\ngit init\ncp ~/clawsync/sync.sh .\n\n# Run sync - should FAIL (catches non-staged secret)\nbash sync.sh\n\n# Expected: \"Error: Potential secret detected in backup directory!\"\n# This proves the pre-git-add scanning works\n\nPublishing to ClawHub\n\nThe CI runs on every push and pull request:\n\nShellCheck - Lints bash scripts\nIntegration test - Verifies backup/restore works\n\nTo publish a new version:\n\ngit add -A\ngit commit -m \"Release v1.0.x\"\ngit tag v1.0.x\ngit push origin master --tags\n\n\nCI will automatically:\n\nRun tests\nIf tests pass and tag starts with v*, publish to ClawHub" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/nickconstantinou/clawsync", "publisherUrl": "https://clawhub.ai/nickconstantinou/clawsync", "owner": "nickconstantinou", "version": "1.0.6", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/clawsync", "downloadUrl": "https://openagent3.xyz/downloads/clawsync", "agentUrl": "https://openagent3.xyz/skills/clawsync/agent", "manifestUrl": "https://openagent3.xyz/skills/clawsync/agent.json", "briefUrl": "https://openagent3.xyz/skills/clawsync/agent.md" } }