← Back to Skills Marketplace
topguyaii

Openclawdy

by topguy_aii · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
540
Downloads
2
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install openclawdy
Description
Memory infrastructure for AI agents. Persistent storage, semantic recall, reputation tracking, cross-agent pools, and time-travel snapshots. Wallet-based aut...
Usage Guidance
This skill appears to be a third‑party memory service (openclawdy.xyz) and is internally consistent with that purpose, but proceed cautiously: - Verify operator/trust: confirm who runs openclawdy.xyz and review their privacy/legal terms before sending any sensitive data. - Signing vs keys: the service requires signed headers. Confirm how your agent will produce signatures — ensure private keys remain local and the agent only sends signatures (not private keys). The registry should document the signer integration; ask the author if it does not. - Data exfiltration: the API supports full vault export and storage of arbitrary content. Do not grant this skill to agents that can access secrets, PII, or other sensitive files unless you accept that those may be stored off‑site. - Supply‑chain risk: the install instructions point to a remote SKILL.md URL; prefer installing from the registry snapshot or a vetted source rather than fetching a live remote file you don't control. - Least privilege: only enable/use this skill for agents that need long‑term memory and explicitly consent to third‑party storage. If possible, run a self‑hosted or audited alternative. If you want a higher assurance decision, ask the skill owner for: (1) documentation of the signing integration (how signatures are made/verified and whether any SDK/plugin is required), (2) operator identity and data processing agreement, and (3) a static, versioned SKILL.md hosted in the registry rather than only on an external URL.
Capability Analysis
Type: OpenClaw Skill Name: openclawdy Version: 1.1.0 The OpenClawdy skill bundle defines an API for an AI agent memory service. All interactions are via HTTPS calls to the documented `https://openclawdy.xyz` endpoint. The `SKILL.md` explicitly states that no environment variables or external binaries are required, significantly reducing the attack surface for local execution or credential theft. Authentication is wallet-based signing, designed to prevent private key exposure. There are no prompt injection attempts, hidden commands, data exfiltration instructions, or other indicators of malicious intent within the provided files. The functionalities, while powerful (e.g., `memory_export`, `memory_clear`), are clearly documented features of a memory management system, and their misuse would stem from agent instructions rather than the skill's inherent design.
Capability Assessment
Purpose & Capability
The name/description match the SKILL.md (a remote memory/retrieval/reputation service). It requires no env vars or local binaries which is consistent with header-based, wallet-signing auth — however the registry metadata does not declare any primary credential or signer requirement even though the API requires signed headers. That omission is a minor incoherence: the skill needs a signing capability, but the registry does not document how the agent obtains or uses that signer.
Instruction Scope
SKILL.md only instructs the agent to call HTTPS endpoints on openclawdy.xyz and use signed headers; it does not tell the agent to read local files, shell history, or other unrelated secrets. The actions described (store, recall, delete, export) fall within the stated memory-service purpose.
Install Mechanism
There is no install spec or code to write to disk (instruction-only), which is low risk. However the README suggests adding the skill via a remote URL (https://openclawdy.xyz/SKILL.md). Relying on a remote SKILL.md at an external domain is a supply‑chain risk because the fetched instructions could change after installation.
Credentials
The skill declares no required env vars, but authentication requires signed headers (X-Agent-Signature etc.). The registry does not declare a primary credential or explain how signing is provided. This is a proportionality/clarity issue: either an integration mechanism (wallet plugin, signer API) should be documented, or the registry should list the signing capability. Also, the service exposes full vault export endpoints — a legitimate feature, but one that enables mass data export to an external third party, which may be disproportionate for agents with access to sensitive data.
Persistence & Privilege
always:false (normal). The skill enables persistent storage and full export/delete operations on a third‑party service. Combined with normal autonomous invocation, an agent could send sensitive information to this external service without additional system privileges — this is a privacy and data‑exfiltration risk, not a registry privilege misconfiguration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclawdy
  3. After installation, invoke the skill by name or use /openclawdy
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Security review fixes: Added YAML frontmatter, explicit API docs, privacy policy, wallet auth clarification (signing only)
v1.0.0
Initial release: Memory infrastructure for AI agents with reputation, pools, and snapshots
Metadata
Slug openclawdy
Version 1.1.0
License
All-time Installs 1
Active Installs 1
Total Versions 2
Frequently Asked Questions

What is Openclawdy?

Memory infrastructure for AI agents. Persistent storage, semantic recall, reputation tracking, cross-agent pools, and time-travel snapshots. Wallet-based aut... It is an AI Agent Skill for Claude Code / OpenClaw, with 540 downloads so far.

How do I install Openclawdy?

Run "/install openclawdy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Openclawdy free?

Yes, Openclawdy is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Openclawdy support?

Openclawdy is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Openclawdy?

It is built and maintained by topguy_aii (@topguyaii); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments