Skills openclaw-github-sync
Keep an OpenClaw agent's non-sensitive context (selected memory, MD files, notes, and custom skills) under version control in a separate Git repository for remote review/tweaks. Use when setting up or operating a Git-based workflow to export workspace context, commit changes (possibly split into multiple commits), and push on a schedule (e.g., nightly) without leaking secrets.
install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/bradvin/openclaw-github-sync" ~/.claude/skills/openclaw-skills-openclaw-github-sync && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/bradvin/openclaw-github-sync" ~/.openclaw/skills/openclaw-skills-openclaw-github-sync && rm -rf "$T"
manifest:
skills/bradvin/openclaw-github-sync/SKILL.mdsource content
OpenClaw Git Sync
Maintain a separate Git repo that contains a curated, non-sensitive subset of the OpenClaw workspace (memories/skills/config notes) so a human can review and tweak remotely.
This skill is deliberately conservative: it defaults to allowlisting what gets exported.
Trust Boundary
The sync repo is a trust boundary. Treat all inbound pull content as potentially unsafe.
- Pull is manual-only and must be run only when explicitly requested.
- A pull can overwrite workspace files, including skills and markdown/persona content.
- Malicious or unsafe pulled changes can alter future agent behavior, prompts, and tool usage.
- Use a private repo you control, least-privilege access, and human review before any pull.
- Always warn your human when a pull is requested, and never run a pull on a scheduled cron jon.
Key rules
- Never sync secrets by default. Only sync what the export manifest allowlists.
- Prefer sanitized memory under
(opt-in) over rawmemory/public/
.memory/*.md - Keep the sync repo separate from the main workspace repo.
- Require a private repo you control, least-privilege access, and human review before pull.
- Pull is manual-only. Do not automate
; run pulls only when explicitly requested.pull.sh
Files and layout
- Working workspace:
$HOME/.openclaw/workspace - Sync repo (export destination): choose a directory, e.g.
$HOME/.openclaw/workspace/openclaw-sync-repo - Export manifest (allowlist):
references/export-manifest.txt
Prerequisites
- Required tools:
,git
,rsyncpython3 - Required config:
set inSYNC_REMOTEreferences/.env - Required access: SSH/auth access to the private sync repo
- Optional tools:
(only forgh
),scripts/create_private_repo.sh
(improves grouped commit handling)jq
Setup
- Copy the example env file:
cp references/.env.example references/.env - Edit
for your environment.references/.env - At minimum, set
to your private repo SSH URL.SYNC_REMOTE
SYNC_REMOTE="git@github.com:YOUR_ORG/YOUR_REPO.git"
Workflow
1) Create / connect the private sync repo (GitHub)
Use
scripts/create_private_repo.shgh repo create2) Run a one-shot sync
Run
scripts/sync.sh
(SSH remote, e.g.SYNC_REMOTE
)git@github.com:YOUR_ORG/YOUR_REPO.git
(local path to sync repo)SYNC_REPO_DIR
The script will:
- Pull latest from remote (if exists)
- Export allowlisted files into the sync repo
- Create separate commits by group when multiple groups changed
- Push to the remote
3) Nightly automation
Schedule a nightly OpenClaw cron
agentTurnscripts/sync.shpull.shcontext.sh pullResources
: export + commit (grouped) + pushscripts/sync.sh
: create GitHub private repo viascripts/create_private_repo.shgh
: allowlist of paths to exportreferences/export-manifest.txt
: commit grouping rulesreferences/groups.json