← Back to Skills Marketplace
117
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install moci
Description
Generate, validate, export, and manage MOCI — the identity system for OpenClaw agents. Use this skill whenever the user mentions MOCI identity, agent ID, moc...
Usage Guidance
This skill appears to be what it claims: an on-device identity manager that creates a device salt, derives keys from local identifiers, encrypts an identity file, and enforces memory write controls. Before installing, confirm you are comfortable with it creating and reading files under ~/.openclaw (device salt, encrypted identity, breadcrumb counter). Understand that Tier 1 identities are device-bound (not portable) until you explicitly export and set a passphrase. Ensure the OpenClaw Gateway/runtime you use enforces the described write-gate and redaction protections (the design assumes the Gateway holds tokens and blocks direct agent writes). Also review your logging/audit configuration: rejected writes record a short content preview in audit logs (useful for security, but potentially privacy-sensitive). If you plan to run agents in containers, remember to mount ~/.openclaw as a volume to persist the device salt. If any of these operational assumptions (trusted Gateway, file location, logging behavior) are unacceptable, do not install or deploy the skill until those are addressed.
Capability Analysis
Type: OpenClaw Skill
Name: moci
Version: 0.1.0
The 'moci' skill bundle implements a sophisticated identity and memory-chain verification system for OpenClaw agents, designed to prevent cloning and impersonation. It features a multi-layered security architecture including device fingerprinting, AES-256-GCM encrypted storage (at ~/.openclaw/moci-identity.enc), and a 'Memory Ring' system that cryptographically seals agent history. The bundle is exceptionally well-documented, including a detailed threat matrix, NIST compliance mapping, and robust defensive measures against prompt injection (e.g., the sanitizeForLLM function in references/moci.ts). All high-risk operations, such as filesystem access and cryptographic key management, are strictly aligned with the stated purpose of providing a self-sovereign identity layer.
Capability Assessment
Purpose & Capability
Name/description (agent identity lifecycle) align with what the files and SKILL.md do: generate IDs, derive device/passphrase keys, maintain on-disk encrypted identity, enforce write-gates and promote memory rings. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
Runtime instructions and reference code read local system properties (hostname, homedir, machineId), create/read files under ~/.openclaw (device salt, encrypted identity, breadcrumb counter), and perform cryptographic operations — all expected for a device-tied identity system. Note: some audit/log calls include small content previews on rejected writes (possible privacy-sensitive logging). The skill relies on a trusted Gateway to enforce caller tokens and to prevent the agent from performing writes; that trust boundary is important but not contradictory to its purpose.
Install Mechanism
No install spec; the skill is instruction-only with a reference implementation file. Nothing is downloaded or installed automatically by the skill package itself.
Credentials
The skill requests no environment variables or external credentials. It does read system attributes (hostname, homedir, machineId) and writes files in the user's home directory — these are proportionate to deriving a device fingerprint and storing a device salt.
Persistence & Privilege
always:false and no declarations that the skill will persist beyond its own files. The skill writes only within ~/.openclaw and its own identity/breadcrumb files; it does not request to modify other skills or global agent settings in the repository. It does assume the Gateway enforces write-gate policies (a design/operational dependency).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install moci - After installation, invoke the skill by name or use
/moci - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
## 0.1.0 — Initial Release
- MOCI identity generation (Crockford Base32, 6-char suffix, CRC-8)
- Memory ring system (4 rings, 32KB budget, daily promotion)
- 12 memory chain security mechanisms
- Dual-factor verification (key + memory chain)
- MOCI Identity Token (CIT) with per-skill HMAC signing
- Identity lifecycle (suspend / revoke / delete)
- Encrypted export / import with HMAC re-signing
- Structured audit log with tamper detection
- Trust score computation
- 22 threat vectors analyzed and mitigated
Metadata
Frequently Asked Questions
What is MOCI — Memory-bound OpenClaw Identity?
Generate, validate, export, and manage MOCI — the identity system for OpenClaw agents. Use this skill whenever the user mentions MOCI identity, agent ID, moc... It is an AI Agent Skill for Claude Code / OpenClaw, with 117 downloads so far.
How do I install MOCI — Memory-bound OpenClaw Identity?
Run "/install moci" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is MOCI — Memory-bound OpenClaw Identity free?
Yes, MOCI — Memory-bound OpenClaw Identity is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does MOCI — Memory-bound OpenClaw Identity support?
MOCI — Memory-bound OpenClaw Identity is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created MOCI — Memory-bound OpenClaw Identity?
It is built and maintained by mociforge (@mociforge); the current version is v0.1.0.
More Skills