← Back to Skills Marketplace
Agent Soul Sync
by
hongyegong
· GitHub ↗
· v0.3.0
· MIT-0
152
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install agent-soul-sync
Description
Sync local OpenClaw skills to a remote NanoClaw agent on Mysta. Use when the user says "sync my skills", "upload skills to mysta", "push skills to my nanocla...
README (SKILL.md)
Mysta Skill Sync
Sync local OpenClaw skills to a remote NanoClaw agent on the Mysta platform via MCP (Model Context Protocol).
Authentication
The user needs a Mysta API key (starts with mysta_) stored in the MYSTA_API_KEY environment variable.
- Check if the key is already set:
if [ -n "${MYSTA_API_KEY}" ]; then echo "Key is set"; else echo "Key not set"; fi
- If not set, open the API keys page in their browser:
# Cross-platform browser open
if command -v xdg-open &>/dev/null; then
xdg-open "https://app.staging.mysta.tech/en/profile#api-keys"
elif command -v open &>/dev/null; then
open "https://app.staging.mysta.tech/en/profile#api-keys"
else
echo "Please visit: https://app.staging.mysta.tech/en/profile#api-keys"
fi
-
Tell them: "Please create a new API key and set it as an environment variable:
export MYSTA_API_KEY=mysta_..." -
Wait for the user to set their key.
Once the key is set, configure the variables for all subsequent commands:
# API key from environment (required)
: "${MYSTA_API_KEY:?Please set MYSTA_API_KEY environment variable}"
# MCP server URL (defaults to staging, override with MYSTA_MCP_URL for other envs)
MCP_URL="${MYSTA_MCP_URL:-https://api.staging.mysta.tech/api/v2/mcp}"
MCP Protocol
All communication uses the MCP Streamable HTTP transport over HTTPS. Each request is a JSON-RPC call via HTTP POST. No temporary files are written — session IDs are extracted from response headers in-memory. The flow is:
- Initialize a session (get a session ID)
- Call tools using the session ID
- Close the session when done
Initialize session
# Extract session ID from response headers without writing temp files
MCP_SESSION=$(curl -sf -X POST "${MCP_URL}" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-H "Authorization: Bearer ${MYSTA_API_KEY}" \
-d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"openclaw","version":"1.0.0"}}}' \
-D- -o /dev/null 2>/dev/null | grep -i "mcp-session-id" | tr -d '\r' | awk '{print $2}')
Then send the initialized notification:
curl -sf -X POST "${MCP_URL}" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${MYSTA_API_KEY}" \
-H "Mcp-Session-Id: ${MCP_SESSION}" \
-d '{"jsonrpc":"2.0","method":"notifications/initialized"}'
Call a tool
RESULT=$(curl -sf -X POST "${MCP_URL}" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-H "Authorization: Bearer ${MYSTA_API_KEY}" \
-H "Mcp-Session-Id: ${MCP_SESSION}" \
-d "$(jq -n --arg name "TOOL_NAME" --argjson args 'ARGS_JSON' \
'{jsonrpc:"2.0",id:2,method:"tools/call",params:{name:$name,arguments:$args}}')")
The response may be SSE (text/event-stream) — parse data: lines for JSON-RPC results.
Close session
curl -sf -X DELETE "${MCP_URL}" \
-H "Authorization: Bearer ${MYSTA_API_KEY}" \
-H "Mcp-Session-Id: ${MCP_SESSION}"
Workflow
Step 1: Initialize MCP session
Initialize using the protocol above. Store MCP_SESSION for all subsequent calls.
Step 2: List agents
Call the mysta_list_agents tool:
RESULT=$(curl -sf -X POST "${MCP_URL}" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-H "Authorization: Bearer ${MYSTA_API_KEY}" \
-H "Mcp-Session-Id: ${MCP_SESSION}" \
-d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"mysta_list_agents","arguments":{}}}')
Parse the response to find agent IDs and names.
- If no agents found, tell the user to create one at https://app.staging.mysta.tech
- If one agent, auto-select it
- If multiple, ask which one to sync to
Step 3: Scan local skills
Find all SKILL.md files in the OpenClaw skills directories:
find ~/.openclaw/skills ~/Workspace/openclaw/skills -maxdepth 2 -name "SKILL.md" -type f 2>/dev/null
For each skill, the name is the parent directory name.
Present the list and ask:
- "all" → sync everything
- specific names → sync only those
- "cancel" → abort
Step 4: Upload skills via MCP
For each selected skill, read the content and call mysta_sync_skill:
SKILL_CONTENT=$(cat "$SKILL_PATH")
RESULT=$(curl -sf -X POST "${MCP_URL}" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-H "Authorization: Bearer ${MYSTA_API_KEY}" \
-H "Mcp-Session-Id: ${MCP_SESSION}" \
-d "$(jq -n --arg name "$SKILL_NAME" --arg content "$SKILL_CONTENT" --arg agentId "$AGENT_ID" \
'{jsonrpc:"2.0",id:3,method:"tools/call",params:{name:"mysta_sync_skill",arguments:{agentId:$agentId,skillName:$name,content:$content}}}')")
Alternatively, use mysta_sync_all_skills to batch upload:
# Build skills JSON array
SKILLS_JSON=$(for skill_path in $SELECTED_SKILLS; do
name=$(basename $(dirname "$skill_path"))
content=$(cat "$skill_path")
jq -n --arg name "$name" --arg content "$content" '{name:$name,content:$content}'
done | jq -s '.')
RESULT=$(curl -sf -X POST "${MCP_URL}" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-H "Authorization: Bearer ${MYSTA_API_KEY}" \
-H "Mcp-Session-Id: ${MCP_SESSION}" \
-d "$(jq -n --arg agentId "$AGENT_ID" --argjson skills "$SKILLS_JSON" \
'{jsonrpc:"2.0",id:3,method:"tools/call",params:{name:"mysta_sync_all_skills",arguments:{agentId:$agentId,skills:$skills}}}')")
Step 5: Close session and report results
Close the MCP session, then show a summary:
- Total skills synced
- Any failures with error details
- If the agent's dev pod was running, skills are live immediately
- If not running, tell user to start the dev pod on https://app.staging.mysta.tech to apply skills
Security Notes
- All API communication uses HTTPS. API keys are transmitted over encrypted connections only.
- The
MYSTA_API_KEYmust be stored as an environment variable, never hardcoded in scripts. Use limited-scope keys and revoke after use. - No temporary files are written. Session IDs are extracted in-memory from response headers and stored only in shell variables for the duration of the session.
- SKILL.md file contents are read and uploaded to the Mysta server. Review skill files before syncing — do not include secrets, credentials, or sensitive data in SKILL.md files.
- API keys are scoped to the authenticated user's agents only.
- This skill requires explicit user consent before: opening a browser, uploading files, or connecting to the Mysta API.
Notes
- Skills are uploaded to OSS for audit and pushed to the agent's NAS-mounted storage.
- Skills persist across pod restarts.
- Re-uploading a skill with the same name overwrites it (idempotent).
- This does NOT publish the agent. Publishing is a separate action on the Mysta platform.
- The MCP server handles auth, OSS audit, DB metadata update, and live push to running pods — all in one call.
Usage Guidance
This skill is coherent for uploading your local OpenClaw SKILL.md files to a Mysta agent, but take these precautions before using it: 1) Verify the endpoint—the SKILL.md defaults to staging (app.staging.mysta.tech); switch to your production MCP_URL only if you trust the destination. 2) Inspect the SKILL.md files you plan to upload—do not upload files that contain secrets, API keys, or private data. 3) Create a Mysta API key with the least privileges required and set it only in a session or a secure place (export MYSTA_API_KEY=mysta_...), and consider rotating/revoking the key after use. 4) Confirm the selection step each run (choose specific skills rather than 'all' when possible). If you need stronger assurance, ask the skill/provider for an official production endpoint and privacy/security documentation before uploading.
Capability Analysis
Type: OpenClaw Skill
Name: agent-soul-sync
Version: 0.3.0
The 'mysta-sync' skill (version 0.3.0) is designed to synchronize local OpenClaw skill files to a remote NanoClaw agent on the Mysta platform. It uses standard system utilities (curl, jq, find) to read SKILL.md files from specific local directories and upload them to a designated MCP server (api.staging.mysta.tech). The skill includes clear instructions for the agent to seek user consent, handle API keys via environment variables, and avoid writing temporary files. No evidence of malicious intent, data exfiltration of sensitive system files, or obfuscation was found; the behavior is entirely consistent with the stated purpose of cloud synchronization.
Capability Assessment
Purpose & Capability
Name/description say it will sync local OpenClaw skills to a Mysta NanoClaw agent; the runtime instructions require curl, jq, and a Mysta API key and explicitly read local SKILL.md files from expected OpenClaw skill paths—these requirements are appropriate for that goal. Note: default endpoints point to staging (app.staging.mysta.tech / api.staging.mysta.tech); confirm you intend to use staging vs production.
Instruction Scope
Instructions only read SKILL.md files from the two documented locations, initialize an MCP session, and POST skill contents to the Mysta MCP endpoint—this matches the described sync workflow. Warning: SKILL.md files may contain secrets or private code; the instructions will upload full file contents to the remote agent. The workflow prompts selection of which skills to upload, but you should explicitly review selections before proceeding.
Install Mechanism
Instruction-only skill with no install steps and no code files—no downloads or archive extraction. This is low risk from an install/execution point of view.
Credentials
The only required secret is MYSTA_API_KEY, which is proportional to an API-based sync operation. Ensure the API key is obtained from the official Mysta site and scoped/minimized; the SKILL.md also supports overriding MCP_URL (MYSTA_MCP_URL), so verify that endpoint before use.
Persistence & Privilege
Skill is not always-enabled, is user-invocable, and does not request persistent system changes or modify other skills' configurations. It asks for read/exec actions in metadata (to read files and run shell commands), which align with its declared behavior.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install agent-soul-sync - After installation, invoke the skill by name or use
/agent-soul-sync - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.0
- All API endpoints and web URLs updated from http to https for secure communication.
- No temporary files are written; session IDs are now extracted in-memory for improved security and portability.
- Security notes revised: emphasizes HTTPS-only communication, avoidance of temporary disk artifacts, and explicit user consent before potentially sensitive actions.
- Minor documentation clarifications and modernized browser-opening examples.
v0.2.2
- Improved description and metadata for clarity on what tools and variables are required.
- Aligned compatibility section to simply list required bins and environment variables.
- Documented that the browser is opened for API key setup only with user consent.
- Clarified that only SKILL.md files are synced (not arbitrary files).
- Minor workflow and security documentation improvements; no feature or API changes.
v0.2.1
- Major rebranding: Skill renamed to mysta-sync, now focusing on syncing OpenClaw skills to remote NanoClaw agents on the Mysta platform.
- Adds step-by-step instructions for authentication using a Mysta API key via environment variable.
- Documents detailed workflow for initializing an MCP session, listing agents, scanning local skills, uploading skills (individually or in batch), and session closure.
- Clarifies requirements: network access, curl, jq, and proper environment variable configuration.
- Provides detailed security notes and caveats about skill file contents and API key handling.
- Improves clarity on result reporting and agent status after sync.
Metadata
Frequently Asked Questions
What is Agent Soul Sync?
Sync local OpenClaw skills to a remote NanoClaw agent on Mysta. Use when the user says "sync my skills", "upload skills to mysta", "push skills to my nanocla... It is an AI Agent Skill for Claude Code / OpenClaw, with 152 downloads so far.
How do I install Agent Soul Sync?
Run "/install agent-soul-sync" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Agent Soul Sync free?
Yes, Agent Soul Sync is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Agent Soul Sync support?
Agent Soul Sync is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Agent Soul Sync?
It is built and maintained by hongyegong (@hongyegong); the current version is v0.3.0.
More Skills