← Back to Skills Marketplace
84
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install session-sync-cloud
Description
Automatic cloud backup and sync for OpenClaw memory files. Encrypted upload to S3/Backblaze, versioned retention (30 days), cross-device restore. Includes we...
Usage Guidance
Do not assume your backups will be end-to-end encrypted — the documentation promises AES-256 client-side encryption but the included Python script does not implement any encryption or use an encryption key. Before installing or pointing this skill at real data:
- Ask the author to provide the complete, untruncated source and an explicit implementation of client-side encryption (or remove the encryption claims). Verify the code actually encrypts data before any network call.
- Avoid putting real credentials or sensitive data in session-sync-config.json in plaintext until you trust the implementation. Use a bucket and access key with minimal permissions (e.g., a dedicated key limited to PutObject/DeleteObject/ListObjects on a single bucket/prefix).
- Test with non-sensitive dummy data first to confirm behavior (uploads, pruning, restore).
- Confirm how dashboard restore is intended to work (the HTML references an HTTP endpoint that the script does not provide).
- If you need true E2E encryption, insist on peer-reviewed crypto code or use a vetted client-side encryption library (e.g., AWS S3 client-side encryption SDKs) and do not rely on deriving keys from credentials.
Given the mismatch between claims and code, treat this skill as suspicious and avoid pointing it at any sensitive workspace until the author fixes and documents the missing encryption and provides the complete working code.
Capability Analysis
Type: OpenClaw Skill
Name: session-sync-cloud
Version: 1.0.0
The skill documentation (SKILL.md) explicitly claims to provide AES-256 encryption for cloud backups so that the 'server never sees plaintext,' but the implementation in scripts/run.py lacks any encryption logic, uploading memory files in plaintext. This critical discrepancy between the security claims and the actual code behavior creates a false sense of security. Additionally, the generated memory/sync-dashboard.html includes a script that attempts to trigger restores via a local web endpoint (/restore) not implemented in the provided code, which is unusual for a standalone skill.
Capability Assessment
Purpose & Capability
The skill claims to provide encrypted, versioned backups to S3-compatible storage and to scan the workspace memory/ directory — the code does scan memory/ and uploads files to a user-provided S3 bucket via boto3, which is coherent with the stated purpose. However, the SKILL.md repeatedly claims AES-256 client-side encryption and key-derivation behavior that is not present in the provided run.py; that is a material mismatch between claimed capability and implementation.
Instruction Scope
SKILL.md instructs creating a plaintext session-sync-config.json with access key and secret and (optionally) an encryption key. The code uses that config to read credentials and upload all files under memory/ (no excludes) — sensible for backup but will include any secrets in memory/. Critically, SKILL.md promises end-to-end AES-256 encryption before upload and deriving keys from credentials if unset; the provided run.py does not perform any encryption or use an encryption key. The dashboard HTML references an HTTP restore endpoint ('/restore') that is not implemented in the code. The code will therefore upload plaintext to the configured bucket despite the documentation claiming ciphertext-only storage.
Install Mechanism
No install spec (instruction-only) and a small python script; low install-surface. The script requires boto3 (it checks and errors if missing) and suggests pip installing it. No downloads from arbitrary URLs or archive extraction are present.
Credentials
No environment variables are requested; the skill uses a workspace config file that must contain the cloud access key and secret. Requesting cloud credentials in that config is proportional to performing S3 uploads. However, storing credentials in a plaintext file in the workspace is a sensitive design choice (risk of accidental leakage). The SKILL.md's claim that an encryption key can be derived from credentials is insecure and—critically—not implemented in the code.
Persistence & Privilege
The skill is not force-enabled (always: false) and is user-invocable. It does not request persistent, platform-wide privileges in the metadata. It writes artifacts to the workspace (logs, dashboard) which is expected for a backup tool.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install session-sync-cloud - After installation, invoke the skill by name or use
/session-sync-cloud - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — automatic encrypted cloud backup and sync for memory files (S3/B2 compatible)
Metadata
Frequently Asked Questions
What is Session Sync Cloud?
Automatic cloud backup and sync for OpenClaw memory files. Encrypted upload to S3/Backblaze, versioned retention (30 days), cross-device restore. Includes we... It is an AI Agent Skill for Claude Code / OpenClaw, with 84 downloads so far.
How do I install Session Sync Cloud?
Run "/install session-sync-cloud" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Session Sync Cloud free?
Yes, Session Sync Cloud is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Session Sync Cloud support?
Session Sync Cloud is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Session Sync Cloud?
It is built and maintained by NeroAgent (@neroagent); the current version is v1.0.0.
More Skills