Archon Vault

Author: macterra · v0.1.0
cross-platform ⚠ suspicious
Total downloads: 458 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install archon-vault
Description
Encrypted distributed storage using Archon DID vaults. Manage vaults, backup and restore workspace/config/memory with multi-party access control. Use for cre...
Usage (SKILL.md)

Archon Vault - Encrypted Distributed Storage

Manage DID vaults and backup/restore files. Data is encrypted client-side before transmission — only you (or vault members) can decrypt.

Prerequisites

  • Archon identity configured (~/.archon.env with wallet path and passphrase)
  • Run archon-keymaster first to create your DID if you don't have one

Backup Operations

Backup Workspace to Vault

./scripts/backup/backup-to-vault.sh [vault-did]

Archives ~/clawd and ~/.openclaw to your encrypted vault. Respects .backup-ignore files.

Restore from Vault

./scripts/backup/restore-from-vault.sh <backup-did> [target-dir]

Verify Backup Integrity

./scripts/backup/verify-backup.sh <backup-did>

Disaster Recovery

./scripts/backup/disaster-recovery.sh

Full recovery procedure with mnemonic.

Vault Management

Create Vault

./scripts/vaults/create-vault.sh <vault-name>

Add/Remove Items

./scripts/vaults/add-vault-item.sh <vault-did> <item-did>
./scripts/vaults/remove-vault-item.sh <vault-did> <item-did>
./scripts/vaults/get-vault-item.sh <vault-did> <item-did>
./scripts/vaults/list-vault-items.sh <vault-did>

Manage Vault Members (Multi-Party Access)

./scripts/vaults/add-vault-member.sh <vault-did> <member-did>
./scripts/vaults/remove-vault-member.sh <vault-did> <member-did>
./scripts/vaults/list-vault-members.sh <vault-did>

Security Notes

  1. Backup scope: Archives ~/clawd and ~/.openclaw by default. Review .backup-ignore to exclude sensitive items.

  2. Encryption: All data encrypted before transmission to Archon gatekeeper/hyperswarm.

  3. Vault members: Adding a member grants them decrypt access to vault contents.

  4. Recovery: Your 12-word mnemonic is the master key. Store it offline.

Security usage advice
This skill mostly matches its stated purpose (backup/restore Archon DID vaults) but has several practical and security issues you should consider before installing or running it:

  • Missing runtime dependency declarations: the scripts use jq and sqlite3 (and rely heavily on zip/unzip), but these are not listed in the skill manifest. Ensure those tools are installed before running.
  • npx usage: the scripts call npx @didcid/keymaster at runtime. npx fetches code from the npm registry each run — review the @didcid/keymaster package source and trustworthiness before allowing runtime network installs.
  • Mnemonic handling risk: disaster-recovery.sh requires the 12-word mnemonic as a command-line argument, which can be observed via ps and saved to shell history. Prefer methods that read the mnemonic from a secure prompt or file with restricted permissions instead of a CLI arg.
  • Passphrase exposure: scripts source ~/.archon.env and export ARCHON_PASSPHRASE so child processes can access it. This is necessary for npx but increases exposure; protect ~/.archon.env and avoid running these scripts in multi-user environments.
  • Backup scope: defaults archive your workspace (script uses $PWD) and ~/.openclaw and may include sensitive data. Review and populate .backup-ignore carefully and run the backup from the correct working directory (the script warns about running from $HOME or /).
  • External endpoint: by default uploads go to https://archon.technology. If you need to avoid third-party servers, set ARCHON_GATEKEEPER_URL to a trusted local endpoint.

Recommended actions before using:

  1. Inspect the @didcid/keymaster package source/version that npx will fetch.
  2. Install and verify jq, sqlite3, zip/unzip if you plan to run verification scripts.
  3. Never pass your mnemonic on the command line; modify disaster-recovery.sh to read it from stdin or a protected file.
  4. Backup and test in a controlled environment; verify .backup-ignore excludes anything sensitive.
  5. If you cannot audit the upstream npm package, avoid running npx calls on a machine with sensitive data.

Given the combination of undeclared deps, runtime package fetching, and unsafe mnemonic handling, proceed only after addressing these issues or classify the skill as high-risk for machines holding sensitive data.
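
The stdin-based mnemonic handling and argument checks recommended above, as an added example (not code from archon-vault or its author). The function names are hypothetical; the mnemonic check assumes 12 lowercase a-z words and the DID check assumes generic W3C DID syntax.

```bash
#!/usr/bin/env bash
# Added example: hypothetical helpers, not code from archon-vault.

# Read the mnemonic from stdin, prompting without echo on a terminal.
# The words never enter argv, so `ps` and shell history cannot record them.
read_mnemonic() {
  local words=
  if [ -t 0 ]; then
    IFS= read -r -s -p '12-word mnemonic: ' words && echo >&2
  else
    IFS= read -r words || [ -n "$words" ]   # tolerate a missing final newline
  fi
  # Collapse runs of whitespace and trim the ends.
  printf '%s' "$words" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'
}

# Shape check only (assumption: lowercase a-z words); no wordlist or checksum.
valid_mnemonic() {
  local LC_ALL=C
  case "$1" in ''|*[!a-z\ ]*) return 1 ;; esac
  set -- $1                # safe to split: only a-z and spaces remain
  [ "$#" -eq 12 ]
}

# Accept only did:<method>:<id> built from the DID character set, so spaces,
# newlines, quotes, ';' and option-like values never reach an npx call.
valid_did() {
  local LC_ALL=C
  case "$1" in
    *[!A-Za-z0-9._:%-]*) return 1 ;;
    did:?*:?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Reject restore targets that are empty, look like an option, contain a
# ".." path component, or carry control characters.
safe_target_dir() {
  case "$1" in
    ''|-*) return 1 ;;
    ..|../*|*/..|*/../*) return 1 ;;
    *[[:cntrl:]]*) return 1 ;;
  esac
}
```

A script would call read_mnemonic once, refuse to continue unless valid_mnemonic passes, and run valid_did and safe_target_dir on every positional argument before it is used.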
Functional analysis
Type: OpenClaw Skill
Name: archon-vault
Version: 0.1.0
The skill is classified as suspicious due to multiple critical shell injection vulnerabilities across several scripts. User-controlled arguments are passed directly to `npx` commands (e.g., in `scripts/vaults/*.sh`) and directory paths are constructed from user input without sanitization (e.g., `TARGET_DIR` in `scripts/backup/disaster-recovery.sh` and `scripts/backup/restore-from-vault.sh`), potentially allowing arbitrary command execution or directory traversal. While the skill's stated purpose of backing up agent data is legitimate and it attempts to exclude sensitive files, these vulnerabilities represent significant security flaws that could be exploited by a malicious user or a compromised agent.
Capability assessment
Purpose & Capability
The requested credentials (ARCHON_WALLET_PATH, ARCHON_PASSPHRASE) and the use of @didcid/keymaster align with an Archon DID vault backup/restore skill. However the declared required binaries mismatch what the scripts actually use: SKILL.md lists node, npx, tar and optionally zip/unzip/sha256sum, but the scripts rely heavily on zip/unzip, jq, sqlite3, du and unzip/zip; tar is declared but not used. This is inconsistent and suggests the manifest was not kept in sync with the code.
Instruction Scope
The scripts will archive user workspace and ~/.openclaw and upload them to an external gatekeeper (default https://archon.technology). They also back up hexmem.db (memory) and will source ~/.archon.env (which contains the passphrase). The disaster-recovery script accepts a 12-word mnemonic as a plain CLI argument — this leaks the mnemonic to process listings and shell history. The scripts export ARCHON_PASSPHRASE into the environment for npx subprocesses, which exposes secrets to child processes. These behaviors are within a backup tool's domain but are sensitive and should be highlighted and mitigated.
Install Mechanism
There is no install spec, but the scripts call npx @didcid/keymaster at runtime. npx will fetch and execute packages from the npm registry at runtime, which means network-downloaded code runs on the machine whenever used. That is expected for npx usage but is higher-risk than a shipped, pinned binary. Also the manifest does not declare runtime dependencies like jq and sqlite3 that the scripts use.
Credentials
Requesting ARCHON_WALLET_PATH and ARCHON_PASSPHRASE is proportionate for a vault wallet tool. However the scripts also reference ARCHON_GATEKEEPER_URL (not listed in requires.env) and they source ~/.archon.env (implicitly relying on it). Exporting the passphrase for npx child processes and accepting mnemonics on the command line are sensitive practices that increase exposure of credentials.
Persistence & Privilege
The skill is not always: true, does not request system-wide config changes, and does not attempt to modify other skills. Autonomous invocation is allowed by default but is not, by itself, a red flag here.
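How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install archon-vault
  3. Once installed, call the Skill by name or trigger it with /archon-vault
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history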
v0.1.0
Initial public release of archon-vault.
  • Provides encrypted, distributed storage using Archon DID vaults with client-side encryption.
  • Allows backup and restore of workspace/config/memory with support for multi-party access control.
  • Includes scripts for creating/managing vaults, managing vault contents, and performing disaster recovery.
  • Flexible backup options with `.backup-ignore` support and integrity verification.
  • Requires Archon identity configuration and environment variables for secure operation.
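Metadata
Slug archon-vault
Version 0.1.0
License
Total installs 0
Current installs 0
Historical versions 1
FAQ

What is Archon Vault?

Encrypted distributed storage using Archon DID vaults. Manage vaults, backup and restore workspace/config/memory with multi-party access control. Use for cre... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 458 total downloads to date.

How do I install Archon Vault?

Run the command "/install archon-vault" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is required.

Is Archon Vault free?

Yes, Archon Vault is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Archon Vault support?

Archon Vault runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops Archon Vault?

It is developed and maintained by macterra (@macterra); the current version is v0.1.0.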
