Nothing wrong with the solution above but there are some superfluous commands.
Unless you expect the push content back to your git repo, there's no need to create git-credentials and its associated secure content. The benefit of a lighter approach being if your repo is cloned by a 3rd party, they won't have to update the yml with new credentials etc...
If your use case is to preserve .git\lfs\objects - or any other content in the 'clone_folder', this can be done in the following manner - which most closely resembles the skipped AppVeyor default cloning behavior:
# git fetch/checkout - 'clone_dir' can have cached content
# git will see the 'clone_dir' as empty as long as there is no .git/HEAD file
- git init %APPVEYOR_BUILD_FOLDER%
- cd %APPVEYOR_BUILD_FOLDER%
- git remote add origin https://github.com/%APPVEYOR_REPO_NAME%.git
# the APPVEYOR_REPO_BRANCH and tags will be updated even if it does not fast-forward, because it is prefixed with a plus sign
- git fetch -qfup --depth=5 origin +%APPVEYOR_REPO_BRANCH% +refs/tags/*:refs/tags/*
# default AppVeyor checkout
- git checkout -qf %APPVEYOR_REPO_COMMIT%