← 返回 Skills 市场
regan-milne

Claw Store 1.3.3

作者 Regan-Milne · GitHub ↗ · v1.3.7 · MIT-0
cross-platform ⚠ suspicious
667
总下载
0
收藏
5
当前安装
21
版本数
在 OpenClaw 中安装
/install claw-store
功能描述
Sovereign, recoverable memory for AI agents backed by Jackal decentralized storage.
使用说明 (SKILL.md)

\r \r

Claw Store\r

\r Persist your memory across sessions and machines. Your data lives on Jackal Protocol decentralized storage — not on any single machine. If the machine dies, your memory survives.\r \r All content is encrypted client-side with AES-256-GCM before leaving your machine. The server never sees plaintext.\r \r

Trust & security quick facts\r

\r

  • Runtime API host: https://web-production-5cce7.up.railway.app (separate from homepage domain)\r
  • Data leaving your machine: encrypted payloads + key metadata + your Jackal public address for provisioning\r
  • Data not leaving your machine: plaintext memory content, encryption key, wallet mnemonic/private key\r
  • No runtime wordlist download: BIP39 English wordlist is vendored locally in this skill package\r
  • Secret file permissions: locally generated key/mnemonic files are written with 0600 permissions\r \r
  • Homepage: https://obsideo.io\r
  • Source code: https://github.com/Regan-Milne/jackal-memory\r
  • Publisher: Obsideo ([email protected])\r \r

Setup\r

\r

  1. Get an API key: https://web-production-5cce7.up.railway.app/auth/login\r
  2. Set environment variable: JACKAL_MEMORY_API_KEY=\x3Cyour-key>\r
  3. Install Python dependency: pip install cryptography\r
  4. Install Node.js runtime (recommended Node >=20) and install helper deps in the skill folder:\r npm install\r
  5. On first save, an encryption key and a Jackal wallet are auto-generated locally and saved to\r ~/.config/jackal-memory/. These never leave your machine.\r \r Back up your encryption key (run once, store the output safely):\r
python {baseDir}/jackal-memory/client.py keygen\r
```\r
Set `JACKAL_MEMORY_ENCRYPTION_KEY=\x3Cyour-key>` to use the same key on other machines.\r
\r
**Back up your Jackal wallet mnemonic** (controls on-chain storage ownership):\r
```\r
python {baseDir}/jackal-memory/client.py wallet\r
```\r
Set `JACKAL_MEMORY_WALLET_MNEMONIC=\x3Cmnemonic>` to use the same wallet on other machines.\r
\r
## Onboarding new users\r
\r
If `JACKAL_MEMORY_API_KEY` is not set:\r
\r
1. Tell the user you need their Claw Store API key to get started\r
2. Send them to: https://web-production-5cce7.up.railway.app/auth/login — sign in with Google, the key is shown immediately\r
3. Instruct them to set it **directly in their environment** — never share or paste an API key into chat:\r
   ```\r
   export JACKAL_MEMORY_API_KEY=\x3Ctheir-key>\r
   ```\r
4. Once set, confirm you're connected and offer to save something right away as a first test\r
5. After the first successful save, remind the user to back up their Jackal wallet mnemonic:\r
   ```\r
   python {baseDir}/jackal-memory/client.py wallet\r
   ```\r
   The mnemonic controls their on-chain storage. Losing it means losing sovereign access to stored files.\r
\r
**Important:** Never ask the user to paste their API key, encryption key, or wallet mnemonic into chat. Always direct them to set it as an environment variable on their machine.\r
\r
## Base URL\r
\r
`https://web-production-5cce7.up.railway.app`\r
\r
Note: this runtime API host is currently on Railway and is distinct from the project homepage domain (`obsideo.io`). Verify endpoint trust in your environment before use.\r
\r
## Auth\r
\r
`Authorization: Bearer $JACKAL_MEMORY_API_KEY`\r
\r
## Usage\r
\r
**On session start** — restore memory:\r
```\r
python {baseDir}/jackal-memory/client.py load \x3Ckey>\r
```\r
\r
**On session end** — save memory:\r
```\r
python {baseDir}/jackal-memory/client.py save \x3Ckey> \x3Ccontent>\r
```\r
\r
**Check storage usage:**\r
```\r
python {baseDir}/jackal-memory/client.py usage\r
```\r
\r
**List known saved keys (local manifest):**\r
```\r
python {baseDir}/jackal-memory/client.py list\r
python {baseDir}/jackal-memory/client.py list project-\r
```\r
\r
**Export local key manifest for backup/migration:**\r
```\r
python {baseDir}/jackal-memory/client.py manifest-export ~/jackal-manifest.json\r
```\r
\r
**Show/generate Jackal wallet:**\r
```\r
python {baseDir}/jackal-memory/client.py wallet\r
python {baseDir}/jackal-memory/client.py wallet --show-mnemonic\r
python {baseDir}/jackal-memory/client.py walletgen\r
```\r
\r
**Or call the API directly:**\r
```\r
GET  /load/{key}\r
POST /save       {"key": "...", "content": "..."}\r
GET  /usage\r
```\r
\r
## Behaviour guidelines\r
\r
- Load your identity/memory blob on startup before doing any work\r
- Write locally during the session as normal\r
- Call save at session end or on significant state changes\r
- Use descriptive keys: `identity`, `session-2026-02-26`, `project-jackal`\r
- Never log or expose `JACKAL_MEMORY_API_KEY` in output\r
- Never log or expose `JACKAL_MEMORY_ENCRYPTION_KEY` in output\r
\r
## Network latency & propagation (important)\r
\r
Jackal is eventually consistent across a provider pool. A successful save means the write was accepted, but read visibility can lag.\r
\r
Agent protocol:\r
\r
1. If save succeeds, treat it as accepted and continue work (optimistic flow).\r
2. If immediate load fails, do not assume data loss.\r
3. Retry with patience (recommended: 8 attempts, 15s apart; ~2 minutes total).\r
4. If still unavailable, report as `propagation delay` and re-check later.\r
5. Escalate only after extended delay windows continue to fail.\r
\r
Notes:\r
- Provider-level logs like `Error: Can't claim` can be non-fatal noise.\r
- Some providers may temporarily fail while others succeed.\r
- Operationally: save now, verify later, then finalize once data becomes readable.\r
\r
## Proactive memory suggestions\r
\r
When you encounter something that seems important — a key decision, user preference, project status, significant result, or plan — proactively say:\r
\r
> "This seems important. Should I back it up to Claw Store?"\r
\r
If the user confirms, save it immediately with a descriptive key. Do not wait until the end of the session for important information — suggest saving it as soon as you recognise its value.\r
\r
Never proactively suggest storing raw secrets (passwords, API keys, private keys, recovery phrases, tokens).\r
Only store such material if the user explicitly requests it and understands the risk.\r
\r
## Wallet sovereignty\r
\r
Each user gets their own Jackal wallet, generated locally on first save. The private key (mnemonic)\r
**never leaves your machine** — not even the API server sees it. Your storage is owned by your wallet\r
address on the Jackal blockchain. If Obsideo shuts down, you can access your files directly via any\r
Jackal client using your mnemonic.\r
\r
Back up the mnemonic:\r
```\r
python {baseDir}/jackal-memory/client.py wallet\r
```\r
\r
For selective recovery after hardware loss, keep all three backups:\r
1. `JACKAL_MEMORY_WALLET_MNEMONIC`\r
2. `JACKAL_MEMORY_ENCRYPTION_KEY`\r
3. local key manifest (`manifest-export`) so you can restore specific keys instead of guessing.\r
\r
## Endpoint and storage transparency\r
\r
This skill interacts with:\r
\r
- Obsideo API: `https://web-production-5cce7.up.railway.app`\r
- Jackal decentralized storage providers (resolved dynamically by Jackal SDK)\r
- Local subprocess: `jackal-memory/jackal-client.js` (Node helper for Jackal upload/download)\r
\r
Local files written by this skill:\r
\r
- `~/.config/jackal-memory/key` (AES encryption key, if not provided via env; written with `0600`)\r
- `~/.config/jackal-memory/jackal-mnemonic` (wallet mnemonic, if not provided via env; written with `0600`)\r
- `.env` (read-only): `jackal-client.js` will load one directory up if present, to populate missing env vars.\r
\r
Operational note: run in a clean environment when possible to avoid unintentionally inheriting unrelated secrets from `.env`.\r
\r
## Security\r
\r
- All content is encrypted before leaving your machine — the server cannot read your memories\r
- Your Jackal wallet private key never leaves your machine\r
- Set API keys and secrets directly in local environment variables; never paste them into chat\r
- Back up both keys: `keygen` (encryption) and `wallet` (Jackal mnemonic)\r
- Treat memory content as sensitive — it may contain personal or operational data\r
- Do not proactively store raw secrets unless the user explicitly asks\r
- BIP39 English wordlist is included locally in the package (no runtime fetch required).\r
安全使用建议
This package appears to be what it claims: client-side AES-GCM encryption and wallet-based storage on Jackal. Before installing: 1) Verify you trust the runtime API host (BASE_URL is https://web-production-5cce7.up.railway.app, different from the homepage) — you may prefer an official or self-hosted endpoint. 2) Do not paste your encryption key or mnemonic into chat; set env vars locally and keep backups offline. 3) Review/package-audit the npm dependencies (run npm audit) and consider installing in an isolated environment or container. 4) Understand that the JACKAL_MEMORY_WALLET_MNEMONIC controls on-chain ownership — losing it could mean permanent loss of access. If you need higher assurance, consider generating and storing the mnemonic in a hardware wallet or secure vault and only using stateless provisioning keys for the agent.
功能分析
Type: OpenClaw Skill Name: claw-store Version: 1.3.7 The claw-store skill bundle provides a decentralized memory persistence layer for AI agents using the Jackal Protocol. Analysis of client.py and jackal-client.js confirms that all data is encrypted client-side using AES-256-GCM before transmission, and sensitive credentials like the BIP39 mnemonic and encryption keys are stored locally with restricted (0600) permissions. The SKILL.md instructions include proactive security guidelines, explicitly forbidding the agent from asking for or logging secrets in chat. The use of a Railway-hosted API (web-production-5cce7.up.railway.app) is limited to storage provisioning and usage tracking, with no evidence of private key exfiltration or malicious execution.
能力评估
Purpose & Capability
Name/description (sovereign agent memory on Jackal) match the code and SKILL.md. The required env vars (API key, encryption key, wallet mnemonic) are exactly what a client that provisions storage and performs client-side encryption would need. The package includes BIP39 wordlist and wallet/key generation code, which is consistent with the stated functionality.
Instruction Scope
SKILL.md instructions limit actions to wallet/key generation, local storage under ~/.config/jackal-memory, AES-256-GCM encryption, and API calls to the provision/runtime host. The README explicitly tells the user not to paste secrets into chat and to set environment variables locally. There are no instructions to read or exfiltrate unrelated system files or credentials.
Install Mechanism
This is instruction-first with two shipped client implementations (Python and Node). There is no automatic installer in metadata; SKILL.md instructs running 'pip install cryptography' and 'npm install' in the skill folder. Dependencies are pulled from PyPI/npm (no arbitrary URL downloads), which is expected but means you should review or sandbox npm installs. package-lock.json shows widely used packages (some with deprecation/security notices in their own metadata), which is normal but worth auditing before use.
Credentials
The required environment variables (JACKAL_MEMORY_API_KEY, JACKAL_MEMORY_ENCRYPTION_KEY, JACKAL_MEMORY_WALLET_MNEMONIC) are all directly relevant to provisioning, encrypting, and signing storage transactions. The skill writes user secrets to ~/.config/jackal-memory (0600) as documented — this is expected but the wallet mnemonic is highly sensitive and must be protected/ backed up out-of-band.
Persistence & Privilege
Skill is not marked always:true and does not request elevated system-wide privileges. It stores its own files in the user's home config directory and does not modify other skills or global agent settings. The skill can be invoked autonomously (platform default), which is normal for skills and not a standalone reason for concern.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install claw-store
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /claw-store 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.7
Dual setup path: save/load now work with mnemonic+encryption key only (no API key needed for pre-provisioned wallets). API key only required for fresh walletgen and usage commands.
v1.3.6
Fix env var table: ENCRYPTION_KEY and WALLET_MNEMONIC are required; API_KEY is provisioning-only (not needed with pre-provisioned wallet). Remove accidentally bundled SKILL_draft.md.
v1.3.5
Add setup instructions (npm install + pip install cryptography). Document JACKAL_MEMORY_WALLET_MNEMONIC → JACKAL_MNEMONIC translation in Python wrapper. Add env var table. Address ClaWHub security scanner findings.
v1.3.4
Trimmed SKILL.md to ~67 lines. Network lag protocol moved up, retry-via-heartbeat pattern, context-efficient.
v1.3.3
claw-store 1.3.3 - Documentation (SKILL.md) reformatted and trimmed trailing content for clarity; no functional/operational changes. - Internal changes across client and package files (jackal-memory/client.py, jackal-memory/jackal-client.js, etc.). - BIP39 English wordlist (bip39_english.txt) preserved for local wallet generation. - No user-facing command or behavior changes in this release.
v1.3.2
Architecture lock: Railway control-plane only (provisioning/auth/quota); client data path is direct Jackal upload/download; legacy /save and /load paths return 410 Gone.
v1.3.1
Bugfix release: improved Jackal error serialization and added sequence mismatch detection/retry signaling in node/skill jackal clients.
v1.3.0
Security/trust hardening: vendored local BIP39 wordlist (removed runtime fetch), enforced 0600 permissions for locally generated key/mnemonic files, and added explicit trust/data-flow/runtime host disclosures in SKILL.md. No functional workflow changes.
v1.0.12
Publisher contact correction only: [email protected] -> [email protected]
v1.0.11
Rollback: restore benign package content from 1.0.9
v1.0.10
Metadata/docs update: set publisher contact email to [email protected].
v1.0.9
Recovery UX update: add local manifest tracking on save, new list/manifest-export commands for selective restore, and docs for wallet+encryption+manifest backup workflow.
v1.0.8
Docs hardening: add Node/npm setup requirement, clarify Railway API host trust, document .env loading behavior, and note BIP39 runtime fetch for high-assurance deployments.
v1.0.7
Security/clarity update: declare encryption+wallet env vars, add endpoint/local-file transparency, and tighten guidance to avoid proactively storing raw secrets.
v1.0.6
Docs update: add latency/propagation guidance and patient retry protocol (8x15s) for eventual consistency.
v1.0.5
Per-user Jackal wallet sovereignty: each agent now gets their own on-chain storage. New commands: walletgen, wallet. Private key never leaves the user machine.
v1.0.4
- Updated homepage and repository URLs in metadata to official sites. - Added publisher contact information and project links in the documentation. - Clarified onboarding instructions: users must set API keys in their own environment and should never paste them into chat. - Improved security guidance to reinforce never sharing API or encryption keys in chat.
v1.0.3
- Simplified and clarified onboarding instructions for users without an API key. - Updated setup guidance to make key retrieval and environment variable setup more direct. - Emphasized that the assistant manages setup steps after the user provides their API key. - Removed step-by-step conversational onboarding; replaced with clearer procedural instructions. - No changes to API or behavior—documentation only.
v1.0.2
- Added an onboarding guide for new users when JACKAL_MEMORY_API_KEY is not set. - Skill now provides step-by-step setup instructions conversationally if the API key is missing. - No code or backend logic changes; documentation updated in SKILL.md only.
v1.0.1
- Added guidelines for proactive memory suggestions, encouraging users to save important information during the session. - No changes to setup or security instructions. - Documentation now advises suggesting backups for key data as soon as it's recognized.
元数据
Slug claw-store
版本 1.3.7
许可证 MIT-0
累计安装 5
当前安装数 5
历史版本数 21
常见问题

Claw Store 1.3.3 是什么?

Sovereign, recoverable memory for AI agents backed by Jackal decentralized storage. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 667 次。

如何安装 Claw Store 1.3.3?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install claw-store」即可一键安装,无需额外配置。

Claw Store 1.3.3 是免费的吗?

是的,Claw Store 1.3.3 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Claw Store 1.3.3 支持哪些平台?

Claw Store 1.3.3 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Claw Store 1.3.3?

由 Regan-Milne(@regan-milne)开发并维护,当前版本 v1.3.7。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论