📦 openclaw-gitbak — Git备份配置
v1.0.1一键把 OpenClaw 的配置与工作区备份到 Git 仓库,支持还原,防止数据丢失并方便跨机同步,适合团队协作与灾难恢复。
0· 141·1 当前·1 累计
by 下载技能包
最后更新
2026/3/22
安全扫描
OpenClaw
可疑
high confidenceNULL
评估建议
Don't run these scripts without review. Before using: (1) Ensure git is installed and you understand your local SSH/git auth — the scripts use git@... SSH remotes. (2) Edit scripts/config.sh to set GIT_HOST, GIT_ORG, and GIT_BRANCH to your own hosting/account (do not rely on the default gitee.com:burnlife). (3) Inspect the BACKUP_ITEMS mapping to confirm only intended paths will be uploaded. (4) Be aware restore.sh will delete all non-.git files in an existing directory if no origin remote is pr...详细分析 ▾
⚠ 用途与能力
The skill's stated purpose (git backup/restore) matches the included scripts, but metadata did not declare required binaries or credentials. The scripts require git and an SSH identity (git@... remotes) although required binaries/env were listed as none. Also the default GIT_HOST/GIT_ORG (gitee.com / burnlife) means backups will push to an external third‑party account unless the user edits config.sh.
⚠ 指令范围
SKILL.md only shows how to run the scripts and edit config.sh, but the scripts themselves perform actions not highlighted in the README: restore.sh, when a directory already exists and lacks an origin remote, will delete all files except .git (find . -type f -not -path './.git/*' -delete) before adding the remote to avoid merge — this can destroy user data. The scripts will also init/commit/push, which will transmit local files to the configured remote.
ℹ 安装机制
There is no network install step and no external downloads (low install risk). However, this is not purely instruction-only: the skill bundle includes executable shell scripts that will be placed on disk as part of the skill; those scripts invoke git and other OS tools at runtime.
⚠ 凭证需求
No environment variables or credentials were declared, yet the scripts implicitly require SSH access to a git host (i.e., private SSH keys or other git auth). The default remote is a third‑party (gitee.com:burnlife), which would cause potentially sensitive OpenClaw configs and workspace files to be uploaded to that account unless the user configures their own host/org. This is disproportionate to a generic backup helper unless the user explicitly sets their own remotes.
ℹ 持久化与权限
always is false and the skill does not request system-level privileges or modify other skills. The agent can invoke the skill autonomously (platform default); combined with the default remote behavior this could result in accidental uploads if an agent calls the scripts without the user editing config.sh first.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/3/21
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install openclaw-gitbak
镜像加速npx clawhub@latest install openclaw-gitbak --registry https://cn.longxiaskill.com