Birth System Manager

Name: Birth System Manager
Author: vg555558

功能描述

Manage birth encoding, migration packing/unpacking, identity whoami, secure wallet decryption, and full family tree lineage tracking for OpenClaw agents with...

使用说明 (SKILL.md)

Skill Instructions

When user says "birth init", "generate birth id", "出生认证", "初始化出生系统" or similar: Run: node {baseDir}/generate-birth-id.js This will generate a unique Birth ID for new instances, create an Ethereum wallet, and generate a cryptographic signature. If IS_CLONE=true is set, it will automatically generate a clone Birth ID. Return the generated Birth ID, wallet address, and signature verification status.
When user says "pack", "migrate pack", "birth pack", "打包迁移" or similar: Ask for password if not provided (use env BIRTH_PRIVATE_KEY_PASSWORD if set). Run: node {baseDir}/pack.js [password] Return the generated tar.gz path.
When user says "unpack", "install clone", "解包克隆", "unpack birth-pack" + path: Ask for package path and target dir (default ~/openclaw-new-lobster). Run: node {baseDir}/unpack.js \x3Cpath> \x3Ctarget> IMPORTANT: After unpacking, remind user to mark as clone:
```
export IS_CLONE=true
node ~/.openclaw/birth-system/clone-init.js
```
Or run directly: node {baseDir}/clone-init.js (requires IS_CLONE=true env var) This will generate new birth_id, set parent_id, and build family tree.
When user says "whoami", "birth whoami", "我的身份", "出生信息": Run: node {baseDir}/whoami.js Return full output including:
- Birth ID, Type (Original/Clone), Parent ID
- Full family tree with ancestor chain
- Creation time, Age
- Wallet address, Signature verification
- Clone suffix and ancestor count
When user says "mark as clone", "init clone", "initialize clone", "标记克隆": Check if IS_CLONE=true is set. If not, instruct user to run:
```
export IS_CLONE=true
node {baseDir}/clone-init.js
```
This will:
- Generate new birth_id (parent_id + '-clone-' + random suffix)
- Set parent_id to original birth_id
- Update type to 'clone'
- Build ancestors array with full lineage
- Re-sign with new signature Return new birth_id and family tree.
When user says "family tree", "lineage tree", "家族树", "克隆谱系": Run: node {baseDir}/whoami.js --verbose Return detailed family tree showing complete ancestor chain with creation dates.
When user says "fix clone", "修复克隆", "补救克隆身份": If user missed clone initialization after unpacking, guide them to:
1. Find parent_birth_id from the original package:
```
tar -xzf birth-pack-xxx.tar.gz ./.openclaw/birth-info.json
cat .openclaw/birth-info.json | grep birth_id
```
2. Run fix-clone with parent ID:
```
node {baseDir}/fix-clone.js \x3Cparent_birth_id> --auto
```
This will:
- Generate new birth_id for this instance
- Set parent_id to the specified parent
- Update type to 'clone'
- Build ancestors array
- Mark the fix timestamp (clone_fixed_at) Return updated birth_id and family tree.
When user says "decrypt wallet", "解密钱包", "show private key": Require password (env or ask). Run: node {baseDir}/decrypt-wallet.js ~/.openclaw/birth-info.json [password] Return ONLY wallet address and success message, NEVER show full private key.
General: If user asks about "龙虾出生系统", "clone lineage", "birth system": Explain it's for unique agent identity and cloning tracking with full family tree lineage tracking.

Security: All operations local, no network calls. Passwords via env only.

Migration Notes:

When cloning, ALWAYS set export IS_CLONE=true before running clone-init.js
Skipping clone initialization will result in identity being treated as "Original"
Family tree tracking requires proper clone marking at each generation

安全使用建议

Do NOT install this skill into a production agent without review and changes. Specific issues to consider: - generate-birth-id.js writes private_key in plaintext into ~/.openclaw/birth-info.json; this is sensitive and the README warns encryption is preferred but the code does not enforce it. Replace with encrypted storage or remove storing of raw private_key. - decrypt-wallet.js prints the private key to stdout by default (contradicts SKILL.md which promises 'NEVER show full private key'). Modify the script to never print the private key unless explicitly and knowingly requested, and avoid writing private keys to disk. - pack.js uses a default password ('default-secret-password') if none is supplied and then embeds the chosen password inside MIGRATION.md saved into the package. That effectively leaks the encryption password in the archive. Change the behavior to require an explicit password and never write it into package files or migration instructions. - The pack process includes workspace/skills/memory directories and system metadata (hostname), which can bundle arbitrary user data. Audit what will be included and add safer defaults or explicit confirmation prompts. - SKILL.md and package metadata do not declare environment variables the code actually uses (BIRTH_PRIVATE_KEY_PASSWORD, BIRTH_PACK_PASSWORD, IS_CLONE, etc.). The mismatch is misleading; update metadata and documentation to list required env vars and their security implications. - The SKILL.md contained unicode control characters (possible injection). Open SKILL.md in a hex-aware editor to ensure there is no hidden content or malicious prompt-injection text. Recommended next steps before installing: run the scripts in an isolated sandbox/container, back up ~/.openclaw/birth-info.json, remove or encrypt private_key fields, patch decrypt-wallet.js to avoid printing secrets, and change pack.js to never embed passwords into files and to prompt the user before archiving workspace content. If you cannot review and patch the code yourself, avoid installing this skill.

功能分析

Type: OpenClaw Skill Name: birth-system-manager Version: 1.2.0 The bundle manages agent identities and migrations but exhibits high-risk security practices. Specifically, 'generate-birth-id.js' stores raw Ethereum private keys in a local JSON file (~/.openclaw/birth-info.json), and 'decrypt-wallet.js' is explicitly designed to output these keys to stdout or a file. Additionally, 'pack.js' bundles sensitive state into an archive on the Desktop using a weak default password ('default-secret-password'). While these features align with the stated purpose of identity management and migration, the handling of cryptographic secrets is insecure and poses a high risk of accidental credential exposure.

能力评估

⚠ Purpose & Capability

Name/description claim birth, pack/unpack, and lineage management — that is consistent with the included scripts. However the pack script includes workspace/skills/memory and system metadata (hostname/platform) when creating migration archives, which is broader than a minimal 'birth id' manager and can cause unintentional bundling of arbitrary user data. The SKILL metadata indicates no required env vars, but code relies on several (IS_CLONE, BIRTH_PRIVATE_KEY_PASSWORD, BIRTH_PACK_PASSWORD, OPENCLAW_WORKSPACE etc.), so the declared capabilities do not fully match what the code needs.

⚠ Instruction Scope

SKILL.md asserts 'All operations local, no network calls' and 'Passwords via env only' and promises 'NEVER show full private key' on decryption. The code contradicts this: generate-birth-id.js stores raw private_key in birth-info.json, decrypt-wallet.js prints the private key to stdout by default (unless the user sets DECRYPT_OUTPUT_TO_FILE), and pack.js embeds the pack password in the generated MIGRATION.md (leaking the password inside the package). pack.js also collects hostname/platform and may include workspace/skills/memory directories in the archive — this can unintentionally capture sensitive files. These are scope and data-handling mismatches with the SKILL.md promises.

ℹ Install Mechanism

There is no external install spec (no network downloads) so nothing is fetched from unknown URLs at install time — that's lower risk. The package includes multiple Node JS scripts and implicitly requires Node modules (ethers, archiver) but the metadata only lists 'node' as a required binary; dependency installation is not declared. No extract-from-URL installs were found.

⚠ Credentials

The skill metadata declares no required env vars, but the code uses and/or relies on many environment settings: IS_CLONE (behavior change), BIRTH_PRIVATE_KEY_PASSWORD (decrypt private keys), BIRTH_PACK_PASSWORD (pack encryption password; defaults to 'default-secret-password' when unset), DECRYPT_OUTPUT_TO_FILE (controls writing private key to file), OPENCLAW_CONFIG_PATH/OPENCLAW_WORKSPACE (paths). Requiring or using private-key passwords and writing/reading birth-info.json are highly sensitive actions; the lack of declared credentials and the presence of an insecure default password in pack.js are disproportionate and not properly advertised.

ℹ Persistence & Privilege

The skill does not request 'always: true' and is user-invocable only — normal. It reads and writes the user's ~/.openclaw/birth-info.json and creates files under /tmp and ~/Desktop or the target dir during pack/unpack. That file I/O is expected for a birth/pack/unpack tool, but because of the sensitive nature of what it writes (plaintext private_key, encrypted backups, MIGRATION.md with password), the persistence behavior increases risk if installed without careful review.

版本历史

v1.2.0

✨ Added generate-birth-id.js for birth initialization of new OpenClaw instances. Supports automatic clone detection via IS_CLONE environment variable. Generates unique Birth IDs using Ethereum DID with cryptographic signature verification.

v1.1.1

🔧 Added fix-clone.js tool to manually fix clone identity when clone-init was missed after unpacking. Supports manual parent_id specification for补救 cloning mistakes.

v1.1.0

✨ Added full family tree lineage tracking with parent-child relationships and clone generation tracking. New clone-init.js script for proper clone initialization. Enhanced whoami.js with family tree visualization.

v1.0.0

Initial release: Birth system manager with pack/unpack/whoami/decrypt-wallet features

元数据

Slug birth-system-manager

版本 1.2.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 4

常见问题

Birth System Manager 是什么？

Manage birth encoding, migration packing/unpacking, identity whoami, secure wallet decryption, and full family tree lineage tracking for OpenClaw agents with... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 354 次。

如何安装 Birth System Manager？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install birth-system-manager」即可一键安装，无需额外配置。

Birth System Manager 是免费的吗？

是的，Birth System Manager 完全免费（开源免费），可自由下载、安装和使用。

Birth System Manager 支持哪些平台？

Birth System Manager 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Birth System Manager？

由 vg555558（@vg555558）开发并维护，当前版本 v1.2.0。