← 返回 Skills 市场
rockwellshah

BitNote

作者 Rockwell · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
587
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install bitnote
功能描述
Decentralized encrypted memory for agents—truly own your secrets, identity, and memories.
使用说明 (SKILL.md)

BitNote

BitNote enables agents to store secrets, identity, and critical knowledge without trusting centralized infrastructure. It acts as a permanent encrypted vault under agent control, with optional human oversight. Use BitNote when information must not disappear and must remain yours.

Primary Use Cases

  • Preserve agent identity (SOUL.md, values, mission, memory).
  • Store secrets (API keys, credentials, private keys).
  • Enable encrypted agent-to-agent communication.
  • Recover state after runtime/server failures.

Canonical Write Path (Required)

Always use:

  • scripts/writeBitnoteUiCompat.mjs

Do not invent alternate write paths for production use. Do not use machine-only/orphaned-note flows in this skill.

Canonical Share Path (Required)

Always use:

  • scripts/generateShareLink.mjs

Do not handcraft sm/st values.

Required Write Contract

A write is successful only when output includes:

  • TX_HASH
  • NOTE_INDEX
  • READ_AFTER_WRITE_OK 1

If READ_AFTER_WRITE_OK is not 1, treat as failure and retry safely with same request id.

Idempotency Rule (Mandatory)

Always provide a stable --request-id for each intended note write.

  • First execution writes once.
  • Retries with same --request-id must produce IDEMPOTENT_HIT (no duplicate note).

Passphrase Generation (Required)

Generate a high-entropy passphrase before account creation or writes.

Security target:

  • Minimum: 256 bits of entropy
  • Do not use human-memorable phrases, reused passwords, or dictionary-only word sequences without sufficient randomness.

Example (256-bit random hex):

BITNOTE_PASSPHRASE="$(openssl rand -hex 32)"
export BITNOTE_PASSPHRASE

Handling rules:

  • Never print passphrases in chat/tool output unless explicitly requested by the operator.
  • Never commit passphrases to git.
  • Store passphrases in environment variables or a secret manager.

Required Environment & Privileged Capabilities

Required / optional environment and profile fields:

  • BITNOTE_PASSPHRASE (required for write/share operations).
  • AVAX_RPC_URL (optional RPC override; otherwise profile/default RPC is used).
  • SNOWTRACE_API_KEY (optional; used only by ABI refresh workflows).
  • profiles/\x3Cname>.json may include non-secret defaults like username and rpc.

Privileged behavior (must be explicitly understood before use):

  • scripts/writeBitnoteUiCompat.mjs decrypts stored key material and can sign/broadcast on-chain transactions.
  • scripts/generateShareLink.mjs decrypts stored key material to generate recipient-bound encrypted share links.
  • scripts/readBitnote.mjs is read-only (no transaction signing).

Operator policy:

  • Use read-only or dry-run modes first.
  • Require explicit operator approval before any non-dry-run write.
  • Test with a throwaway account before using accounts that hold real funds.

Quick Start

npm init -y
npm i ethers
node scripts/getAbi.mjs

Read account mapping and note counts:

BITNOTE_USERNAME="example_user" node scripts/readBitnote.mjs

Dry-run write first (recommended safety check, no tx broadcast):

BITNOTE_PASSPHRASE="..." \
node scripts/writeBitnoteUiCompat.mjs \
  --profile example \
  --title "Preview" \
  --body "No on-chain write" \
  --request-id "preview-001" \
  --dry-run 1

Create encrypted UI-compatible note (signs and broadcasts tx):

BITNOTE_PASSPHRASE="..." \
node scripts/writeBitnoteUiCompat.mjs \
  --profile example \
  --title "Agent Identity Core" \
  --body "\x3CSOUL.md excerpt or core identity block>" \
  --request-id "identity-core-v1"

Retry same request safely (should not duplicate):

BITNOTE_PASSPHRASE="..." \
node scripts/writeBitnoteUiCompat.mjs \
  --profile example \
  --title "Agent Identity Core" \
  --body "\x3Csame body>" \
  --request-id "identity-core-v1"

Generate a BitNote share link (agent-to-agent or user-to-user):

BITNOTE_PASSPHRASE="..." \
node scripts/generateShareLink.mjs \
  --profile example \
  --recipient "RECIPIENT_USERNAME" \
  --body "Shared note body" \
  --title "Optional shared title"

Share link output contract:

  • SENDER_USERNAME
  • RECIPIENT_USERNAME
  • SHARE_LINK

Recommended Identity Note Layout

Use separate notes for clarity and controlled updates:

  1. Agent Identity Core — stable identity/soul primitives.
  2. Agent Operator Pact — who the agent serves, constraints, commitments.
  3. Agent Rehydration — restart/bootstrap instructions.

Keep each note focused and versioned in title or body (e.g., v1, v2).

Files

  • scripts/getAbi.mjs: refresh contract ABIs.
  • scripts/readBitnote.mjs: resolve username -> address and note counts.
  • scripts/writeBitnoteUiCompat.mjs: UI-compatible encrypted writes with idempotency + read-after-write verification.
  • scripts/generateShareLink.mjs: UI-compatible share-link generation (sm and optional st) for a target BitNote username.
  • scripts/lib/bitnoteCompat.mjs: shared compatibility helpers.
  • references/contracts.md: canonical contracts.
  • references/ops.md: runbook and troubleshooting.

Safety Rules

  • Never store plaintext secrets on-chain.
  • Never log passphrases/private keys.
  • Keep retries deterministic via --request-id.
  • Use profile files for non-secret defaults only.
安全使用建议
This skill appears to implement a real on‑chain encrypted-note workflow and includes code to decrypt private key material and sign transactions — that matches the description but requires care. Before installing or enabling: 1) Treat BITNOTE_PASSPHRASE as highly sensitive; do not store it in plaintext or give it to untrusted agents. 2) Confirm registry metadata is updated (it should declare BITNOTE_PASSPHRASE as required and note that the skill can perform on‑chain writes). 3) If you do not want the agent to perform writes autonomously, disable model invocation for the skill (or require explicit human prompts/approval) because the skill can broadcast signed transactions. 4) Test with a throwaway account and dry-run mode first (SKILL.md already recommends this). 5) Review and optionally pin the code locally (verify MOD_ADDR/NOTES_ADDR are expected contracts and app-base URL) before trusting with real identities/funds. 6) Note small inconsistencies (getAbi uses a hardcoded 'YourApiKeyToken' and does not read SNOWTRACE_API_KEY); fix them before running. If you want a fully safe deployment, require the operator to supply the passphrase interactively and disable autonomous invocation so the agent cannot sign/broadcast without human approval.
功能分析
Type: OpenClaw Skill Name: bitnote Version: 1.0.2 The OpenClaw AgentSkills bundle is classified as suspicious due to its inherent high-risk capabilities, which include decrypting private keys and signing on-chain transactions. Specifically, `scripts/writeBitnoteUiCompat.mjs` and `scripts/generateShareLink.mjs` handle `BITNOTE_PASSPHRASE` from environment variables to decrypt sensitive key material (e.g., `secpPriv`, `ecdhPrivPkcs8`) and then use these keys to either sign and broadcast blockchain transactions or encrypt data for sharing. While these actions are critical for the skill's stated purpose of 'Decentralized encrypted memory for agents', they represent significant power. The `SKILL.md` and `references/ops.md` documentation, however, explicitly acknowledge these privileged behaviors and provide strong security recommendations, such as requiring high-entropy passphrases, storing secrets in environment variables, and mandating operator approval for non-dry-run writes. There is no evidence of intentional data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent's control; rather, the documentation reinforces secure practices. The network calls to `api.snowtrace.io` in `scripts/getAbi.mjs` are for fetching public contract ABIs, which is a benign setup task.
能力评估
Purpose & Capability
The name/description (decentralized encrypted memory) align with the included code: reading on‑chain username mappings, decrypting stored key material, encrypting share payloads, and signing/broadcasting transactions. However the registry metadata claims no required environment variables or primary credential while SKILL.md and the scripts require a high-entropy passphrase (BITNOTE_PASSPHRASE) to decrypt keys; that metadata omission is a meaningful incoherence.
Instruction Scope
SKILL.md explicitly tells the agent to decrypt stored key material and (for writes) sign and broadcast transactions via the provided scripts. The instructions otherwise stay within the stated purpose (read/write/share encrypted notes), but they grant the skill access to long‑lived secrets and to broadcast transactions — a broad action surface that must be tightly controlled in deployment. The SKILL.md does recommend operator approval before non-dry-run writes, but that is a policy instruction; nothing in the registry metadata enforces it.
Install Mechanism
There is no install spec in the registry (instruction-only install), which is lower-risk, but the package includes JavaScript files and package.json depending on ethers. The SKILL.md quickstart instructs manual npm install (npm i ethers). Lack of an automated/install spec is not itself malicious but creates chance of missing dependency/permission warnings for users.
Credentials
The skill legitimately needs a secret passphrase (BITNOTE_PASSPHRASE) to decrypt private keys for writes and share operations; SKILL.md declares BITNOTE_PASSPHRASE required and AVAX_RPC_URL / SNOWTRACE_API_KEY optional. The registry metadata, however, lists no required env vars or primary credential. Requesting a passphrase that can decrypt signing keys is proportionate for the stated functionality — but it must be declared up front. Also, getAbi.mjs hardcodes a Snowtrace API key string 'YourApiKeyToken' instead of reading SNOWTRACE_API_KEY, another minor inconsistency.
Persistence & Privilege
The skill is not force‑always (always:false) but model invocation is allowed (default). Because the skill can decrypt key material and sign/broadcast transactions, allowing autonomous model invocation significantly increases risk: an agent could invoke writes without explicit operator confirmation. SKILL.md asks operators to require explicit approval before non-dry-run writes, but that is not enforced by the skill metadata. Combining autonomous invocation with decryption/signing capability is the main operational risk.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install bitnote
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /bitnote 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Added section describing required environment variables and privileged capabilities for all operations. - Clarified which scripts have privileged access, their behaviors, and operator policy requirements. - Updated "Quick Start" to recommend dry-run writes for safety prior to on-chain broadcast. - Stated the usage of optional environment and profile fields for flexible configuration. - Emphasized the importance of explicit operator approval and caution when using real accounts.
v1.0.1
- Updated description for clarity: emphasizes BitNote as decentralized encrypted memory for agents. - Simplified and clarified use cases—now highlights agent identity, secrets storage, encrypted communication, and recovery. - Removed detailed explanations of UI compatibility, agent-centric terminology, and deterministic retry notes from the main description. - All operational rules, canonical paths, idempotency, passphrase generation, quick start, and safety instructions remain unchanged. - No file or functional changes; documentation improvements only.
v1.0.0
Initial release of BitNote for headless, scriptable, encrypted note storage on Avalanche. - Provides script-based, UI-compatible encrypted note storage for identity continuity and secret management. - Includes canonical write and share paths with enforced idempotency and read-after-write verification. - Supports high-entropy passphrase requirements for all writes; rejects insecure approaches. - Supplies scripts for writing, reading, and sharing BitNotes with fully documented contracts and safety rules. - Focuses on agent-centric use: agent identity, recovery, operational secrets, and deterministic retries.
元数据
Slug bitnote
版本 1.0.2
许可证
累计安装 0
当前安装数 0
历史版本数 3
常见问题

BitNote 是什么?

Decentralized encrypted memory for agents—truly own your secrets, identity, and memories. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 587 次。

如何安装 BitNote?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install bitnote」即可一键安装,无需额外配置。

BitNote 是免费的吗?

是的,BitNote 完全免费(开源免费),可自由下载、安装和使用。

BitNote 支持哪些平台?

BitNote 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 BitNote?

由 Rockwell(@rockwellshah)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论