Birth System Manager

Name: Birth System Manager
Author: vg555558

Description

Manage birth encoding, migration packing/unpacking, identity whoami, secure wallet decryption, and full family tree lineage tracking for OpenClaw agents with...

README (SKILL.md)

Skill Instructions

When user says "birth init", "generate birth id", "出生认证", "初始化出生系统" or similar: Run: node {baseDir}/generate-birth-id.js This will generate a unique Birth ID for new instances, create an Ethereum wallet, and generate a cryptographic signature. If IS_CLONE=true is set, it will automatically generate a clone Birth ID. Return the generated Birth ID, wallet address, and signature verification status.
When user says "pack", "migrate pack", "birth pack", "打包迁移" or similar: Ask for password if not provided (use env BIRTH_PRIVATE_KEY_PASSWORD if set). Run: node {baseDir}/pack.js [password] Return the generated tar.gz path.
When user says "unpack", "install clone", "解包克隆", "unpack birth-pack" + path: Ask for package path and target dir (default ~/openclaw-new-lobster). Run: node {baseDir}/unpack.js \x3Cpath> \x3Ctarget> IMPORTANT: After unpacking, remind user to mark as clone:
```
export IS_CLONE=true
node ~/.openclaw/birth-system/clone-init.js
```
Or run directly: node {baseDir}/clone-init.js (requires IS_CLONE=true env var) This will generate new birth_id, set parent_id, and build family tree.
When user says "whoami", "birth whoami", "我的身份", "出生信息": Run: node {baseDir}/whoami.js Return full output including:
- Birth ID, Type (Original/Clone), Parent ID
- Full family tree with ancestor chain
- Creation time, Age
- Wallet address, Signature verification
- Clone suffix and ancestor count
When user says "mark as clone", "init clone", "initialize clone", "标记克隆": Check if IS_CLONE=true is set. If not, instruct user to run:
```
export IS_CLONE=true
node {baseDir}/clone-init.js
```
This will:
- Generate new birth_id (parent_id + '-clone-' + random suffix)
- Set parent_id to original birth_id
- Update type to 'clone'
- Build ancestors array with full lineage
- Re-sign with new signature Return new birth_id and family tree.
When user says "family tree", "lineage tree", "家族树", "克隆谱系": Run: node {baseDir}/whoami.js --verbose Return detailed family tree showing complete ancestor chain with creation dates.
When user says "fix clone", "修复克隆", "补救克隆身份": If user missed clone initialization after unpacking, guide them to:
1. Find parent_birth_id from the original package:
```
tar -xzf birth-pack-xxx.tar.gz ./.openclaw/birth-info.json
cat .openclaw/birth-info.json | grep birth_id
```
2. Run fix-clone with parent ID:
```
node {baseDir}/fix-clone.js \x3Cparent_birth_id> --auto
```
This will:
- Generate new birth_id for this instance
- Set parent_id to the specified parent
- Update type to 'clone'
- Build ancestors array
- Mark the fix timestamp (clone_fixed_at) Return updated birth_id and family tree.
When user says "decrypt wallet", "解密钱包", "show private key": Require password (env or ask). Run: node {baseDir}/decrypt-wallet.js ~/.openclaw/birth-info.json [password] Return ONLY wallet address and success message, NEVER show full private key.
General: If user asks about "龙虾出生系统", "clone lineage", "birth system": Explain it's for unique agent identity and cloning tracking with full family tree lineage tracking.

Security: All operations local, no network calls. Passwords via env only.

Migration Notes:

When cloning, ALWAYS set export IS_CLONE=true before running clone-init.js
Skipping clone initialization will result in identity being treated as "Original"
Family tree tracking requires proper clone marking at each generation

Usage Guidance

Do NOT install this skill into a production agent without review and changes. Specific issues to consider: - generate-birth-id.js writes private_key in plaintext into ~/.openclaw/birth-info.json; this is sensitive and the README warns encryption is preferred but the code does not enforce it. Replace with encrypted storage or remove storing of raw private_key. - decrypt-wallet.js prints the private key to stdout by default (contradicts SKILL.md which promises 'NEVER show full private key'). Modify the script to never print the private key unless explicitly and knowingly requested, and avoid writing private keys to disk. - pack.js uses a default password ('default-secret-password') if none is supplied and then embeds the chosen password inside MIGRATION.md saved into the package. That effectively leaks the encryption password in the archive. Change the behavior to require an explicit password and never write it into package files or migration instructions. - The pack process includes workspace/skills/memory directories and system metadata (hostname), which can bundle arbitrary user data. Audit what will be included and add safer defaults or explicit confirmation prompts. - SKILL.md and package metadata do not declare environment variables the code actually uses (BIRTH_PRIVATE_KEY_PASSWORD, BIRTH_PACK_PASSWORD, IS_CLONE, etc.). The mismatch is misleading; update metadata and documentation to list required env vars and their security implications. - The SKILL.md contained unicode control characters (possible injection). Open SKILL.md in a hex-aware editor to ensure there is no hidden content or malicious prompt-injection text. Recommended next steps before installing: run the scripts in an isolated sandbox/container, back up ~/.openclaw/birth-info.json, remove or encrypt private_key fields, patch decrypt-wallet.js to avoid printing secrets, and change pack.js to never embed passwords into files and to prompt the user before archiving workspace content. If you cannot review and patch the code yourself, avoid installing this skill.

Capability Analysis

Type: OpenClaw Skill Name: birth-system-manager Version: 1.2.0 The bundle manages agent identities and migrations but exhibits high-risk security practices. Specifically, 'generate-birth-id.js' stores raw Ethereum private keys in a local JSON file (~/.openclaw/birth-info.json), and 'decrypt-wallet.js' is explicitly designed to output these keys to stdout or a file. Additionally, 'pack.js' bundles sensitive state into an archive on the Desktop using a weak default password ('default-secret-password'). While these features align with the stated purpose of identity management and migration, the handling of cryptographic secrets is insecure and poses a high risk of accidental credential exposure.

Capability Assessment

⚠ Purpose & Capability

Name/description claim birth, pack/unpack, and lineage management — that is consistent with the included scripts. However the pack script includes workspace/skills/memory and system metadata (hostname/platform) when creating migration archives, which is broader than a minimal 'birth id' manager and can cause unintentional bundling of arbitrary user data. The SKILL metadata indicates no required env vars, but code relies on several (IS_CLONE, BIRTH_PRIVATE_KEY_PASSWORD, BIRTH_PACK_PASSWORD, OPENCLAW_WORKSPACE etc.), so the declared capabilities do not fully match what the code needs.

⚠ Instruction Scope

SKILL.md asserts 'All operations local, no network calls' and 'Passwords via env only' and promises 'NEVER show full private key' on decryption. The code contradicts this: generate-birth-id.js stores raw private_key in birth-info.json, decrypt-wallet.js prints the private key to stdout by default (unless the user sets DECRYPT_OUTPUT_TO_FILE), and pack.js embeds the pack password in the generated MIGRATION.md (leaking the password inside the package). pack.js also collects hostname/platform and may include workspace/skills/memory directories in the archive — this can unintentionally capture sensitive files. These are scope and data-handling mismatches with the SKILL.md promises.

ℹ Install Mechanism

There is no external install spec (no network downloads) so nothing is fetched from unknown URLs at install time — that's lower risk. The package includes multiple Node JS scripts and implicitly requires Node modules (ethers, archiver) but the metadata only lists 'node' as a required binary; dependency installation is not declared. No extract-from-URL installs were found.

⚠ Credentials

The skill metadata declares no required env vars, but the code uses and/or relies on many environment settings: IS_CLONE (behavior change), BIRTH_PRIVATE_KEY_PASSWORD (decrypt private keys), BIRTH_PACK_PASSWORD (pack encryption password; defaults to 'default-secret-password' when unset), DECRYPT_OUTPUT_TO_FILE (controls writing private key to file), OPENCLAW_CONFIG_PATH/OPENCLAW_WORKSPACE (paths). Requiring or using private-key passwords and writing/reading birth-info.json are highly sensitive actions; the lack of declared credentials and the presence of an insecure default password in pack.js are disproportionate and not properly advertised.

ℹ Persistence & Privilege

The skill does not request 'always: true' and is user-invocable only — normal. It reads and writes the user's ~/.openclaw/birth-info.json and creates files under /tmp and ~/Desktop or the target dir during pack/unpack. That file I/O is expected for a birth/pack/unpack tool, but because of the sensitive nature of what it writes (plaintext private_key, encrypted backups, MIGRATION.md with password), the persistence behavior increases risk if installed without careful review.

Version History

v1.2.0

✨ Added generate-birth-id.js for birth initialization of new OpenClaw instances. Supports automatic clone detection via IS_CLONE environment variable. Generates unique Birth IDs using Ethereum DID with cryptographic signature verification.

v1.1.1

🔧 Added fix-clone.js tool to manually fix clone identity when clone-init was missed after unpacking. Supports manual parent_id specification for补救 cloning mistakes.

v1.1.0

✨ Added full family tree lineage tracking with parent-child relationships and clone generation tracking. New clone-init.js script for proper clone initialization. Enhanced whoami.js with family tree visualization.

v1.0.0

Initial release: Birth system manager with pack/unpack/whoami/decrypt-wallet features

Metadata

Slug birth-system-manager

Version 1.2.0

License —

All-time Installs 0

Active Installs 0

Total Versions 4

Frequently Asked Questions

What is Birth System Manager?

Manage birth encoding, migration packing/unpacking, identity whoami, secure wallet decryption, and full family tree lineage tracking for OpenClaw agents with... It is an AI Agent Skill for Claude Code / OpenClaw, with 354 downloads so far.

How do I install Birth System Manager?

Run "/install birth-system-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Birth System Manager free?

Yes, Birth System Manager is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Birth System Manager support?

Birth System Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Birth System Manager?

It is built and maintained by vg555558 (@vg555558); the current version is v1.2.0.

More Skills