# Send Clawsync to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "clawsync",
    "name": "Clawsync",
    "source": "tencent",
    "type": "skill",
    "category": "效率提升",
    "sourceUrl": "https://clawhub.ai/nickconstantinou/clawsync",
    "canonicalUrl": "https://clawhub.ai/nickconstantinou/clawsync",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/clawsync",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=clawsync",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "AGENTS.md",
      "HEARTBEAT.md",
      "IDENTITY.md",
      "README.md",
      "SITES.md",
      "SKILL.md"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "clawsync",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-29T12:06:10.419Z",
      "expiresAt": "2026-05-06T12:06:10.419Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=clawsync",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=clawsync",
        "contentDisposition": "attachment; filename=\"clawsync-1.0.6.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "clawsync"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/clawsync"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/clawsync",
    "downloadUrl": "https://openagent3.xyz/downloads/clawsync",
    "agentUrl": "https://openagent3.xyz/skills/clawsync/agent",
    "manifestUrl": "https://openagent3.xyz/skills/clawsync/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/clawsync/agent.md"
  }
}
```
## Documentation

### ClawSync

Backup and restore your OpenClaw workspace to GitHub.

### ⚠️ Security First

This skill is designed with defense-in-depth. Please read carefully.

### What It Backs Up

CategoryFilesStatusIdentity FilesAGENTS.md, SOUL.md, USER.md, TOOLS.md, IDENTITY.md, HEARTBEAT.md✅ SafeSkillsAll from $OPENCLAW/skills/⚠️ Manual reviewScriptsAll from $OPENCLAW/scripts/⚠️ Manual review

### Why Some Files Are Not Backed Up

The following files are NOT backed up by design:

SITES.md — May contain API keys/secrets
MEMORY.md — May contain sensitive conversation data
Any file in credentials/, .env, node_modules/

### What It Excludes

❌ API keys and tokens (any format)
❌ Credentials folder
❌ .env files
❌ node_modules
❌ .git directories
❌ Nested git repositories
❌ Files containing secrets (detected by regex)

### Secret Detection

ClawSync scans for these secret patterns:

GitHub tokens (ghp_*)
OpenAI keys (sk-*)
Google API keys (AIza*)
Slack tokens (xoxb-*, xoxp-*)
AWS access keys (AKIA*)
JWTs and bearer tokens
Private keys (-----BEGIN * PRIVATE KEY-----)
High-entropy strings

If any are detected → backup aborts before push.

### Environment Variables (Required)

export GITHUB_TOKEN="ghp_xxxx"
export BACKUP_REPO="username/repo-name"
export OPENCLAW_WORKSPACE="${HOME}/openclaw-workspace"

### 🔐 Recommended: Fine-Grained PAT

For least privilege, use a GitHub Fine-Grained PAT:

Go to GitHub → Settings → Developer settings → Personal access tokens → Fine-grained tokens
Create new token with:

Repository access: Only $BACKUP_REPO
Permissions: Contents: Write


Use this token as GITHUB_TOKEN

### Quick Start

git clone https://github.com/your-username/clawsync.git ~/clawsync
cp .env.example .env
# Edit .env with your values
bash sync.sh

### Features

Pre-flight Check: Validates required env vars before running
Strict Whitelist: Only copies explicitly allowed files
Deny List: Filters out .git, credentials, node_modules
Secret Scrubbing: Detects 100+ secret patterns, aborts if found
Safe Restore: Requires --force or confirmation before overwriting

### Safe Restore

# With confirmation (default)
bash restore.sh

# Force mode (no prompt)
bash restore.sh --force

### Auth

Uses gh CLI if available, falls back to token auth.

### Files

sync.sh - Backup script (ShellCheck compliant)
restore.sh - Restore script
.env_example - Template
.gitignore - Blocks secrets

### Running Tests Locally

# Set up test workspace
mkdir -p /tmp/test-workspace
echo "test" > /tmp/test-workspace/AGENTS.md
echo "test" > /tmp/test-workspace/USER.md
mkdir -p /tmp/test-workspace/skills /tmp/test-workspace/scripts

# Run integration test
export BACKUP_REPO="test/repo"
export OPENCLAW_WORKSPACE="/tmp/test-workspace"
export GITHUB_TOKEN="dummy"

cd /tmp && rm -rf test-backup-repo && mkdir test-backup-repo
cd test-backup-repo && git init
cp ~/clawsync/sync.sh .
bash sync.sh

### Testing Secret Detection

# Create a test file with a fake secret
echo "My API key is ghp_test1234567890abcdefghijklmnopqrstuvwxyz" > /tmp/test-workspace/AGENTS.md

# Run sync - should abort with error
bash sync.sh

# Expected output: "Error: Potential secret detected..."

### Security Audit Test (Proves Non-Staged Detection)

This test verifies the script catches secrets BEFORE they are staged:

# Set up test workspace
export BACKUP_REPO="test/repo"
export OPENCLAW_WORKSPACE="/tmp/test-workspace"
export GITHUB_TOKEN="dummy"

# Create workspace with secret in a non-staged file
mkdir -p /tmp/test-workspace
echo "Real API key: sk-realapikey12345678901234567890" > /tmp/test-workspace/AGENTS.md

# Copy sync.sh to temp backup dir
cd /tmp && rm -rf audit-test && mkdir audit-test && cd audit-test
git init
cp ~/clawsync/sync.sh .

# Run sync - should FAIL (catches non-staged secret)
bash sync.sh

# Expected: "Error: Potential secret detected in backup directory!"
# This proves the pre-git-add scanning works

### Publishing to ClawHub

The CI runs on every push and pull request:

ShellCheck - Lints bash scripts
Integration test - Verifies backup/restore works

To publish a new version:

git add -A
git commit -m "Release v1.0.x"
git tag v1.0.x
git push origin master --tags

CI will automatically:

Run tests
If tests pass and tag starts with v*, publish to ClawHub
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: nickconstantinou
- Version: 1.0.6
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-29T12:06:10.419Z
- Expires at: 2026-05-06T12:06:10.419Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/clawsync)
- [Send to Agent page](https://openagent3.xyz/skills/clawsync/agent)
- [JSON manifest](https://openagent3.xyz/skills/clawsync/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/clawsync/agent.md)
- [Download page](https://openagent3.xyz/downloads/clawsync)