← 返回 Skills 市场
regan-milne

Claw Store Skill

作者 Regan-Milne · GitHub ↗ · v1.0.0
cross-platform ✓ 安全检测通过
345
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install claw-store-skill
功能描述
Sovereign, recoverable memory for AI agents backed by Jackal decentralized storage.
使用说明 (SKILL.md)

Claw Store

Persist your memory across sessions and machines. Your data lives on Jackal Protocol decentralized storage — not on any single machine. If the machine dies, your memory survives.

All content is encrypted client-side with AES-256-GCM before leaving your machine. The server never sees plaintext.

Setup

  1. Get an API key: https://web-production-5cce7.up.railway.app/auth/login
  2. Set environment variable: JACKAL_MEMORY_API_KEY=\x3Cyour-key>
  3. Install dependency: pip install cryptography
  4. On first save, an encryption key is auto-generated and saved to ~/.config/jackal-memory/key. To use the same key on other machines, copy it: 
    python {baseDir}/jackal-memory/client.py keygen
    Set JACKAL_MEMORY_ENCRYPTION_KEY=\x3Cyour-key> — this takes priority over the key file.

Base URL

https://web-production-5cce7.up.railway.app

Auth

Authorization: Bearer $JACKAL_MEMORY_API_KEY

Usage

On session start — restore memory:

python {baseDir}/jackal-memory/client.py load \x3Ckey>

On session end — save memory:

python {baseDir}/jackal-memory/client.py save \x3Ckey> \x3Ccontent>

Check storage usage:

python {baseDir}/jackal-memory/client.py usage

Or call the API directly:

GET  /load/{key}
POST /save       {"key": "...", "content": "..."}
GET  /usage

Behaviour guidelines

  • Load your identity/memory blob on startup before doing any work
  • Write locally during the session as normal
  • Call save at session end or on significant state changes
  • Use descriptive keys: identity, session-2026-02-26, project-jackal
  • Never log or expose JACKAL_MEMORY_API_KEY in output
  • Never log or expose JACKAL_MEMORY_ENCRYPTION_KEY in output

Security

  • All content is encrypted before leaving your machine — the server cannot read your memories
  • Never paste API keys or encryption keys into chat logs
  • Back up your encryption key: python {baseDir}/jackal-memory/client.py keygen
  • Treat memory content as sensitive — it may contain credentials or personal data
安全使用建议
This package appears to do what it says: it encrypts memories locally and sends ciphertext to a remote service. Before installing, consider: (1) Trust the remote host (https://web-production-5cce7.up.railway.app) because while it cannot read your plaintext, it will see key names, sizes, and CIDs and will accept requests guarded by your JACKAL_MEMORY_API_KEY. (2) Securely back up your encryption key — losing it makes data unrecoverable; leaking it lets an attacker decrypt stored memories. The client prints the key on keygen and will create ~/.config/jackal-memory/key, so avoid running keygen in shared logs or shells. (3) If you need stronger assurance, self-host the server endpoint or audit the server code; you can also review the included client.py (provided) to confirm no hidden behavior. (4) Do not store long-lived secrets in memories unless you accept the risk profile described above.
功能分析
Type: OpenClaw Skill Name: claw-store-skill Version: 1.0.0 The skill bundle is benign. The `SKILL.md` provides clear, secure instructions for the AI agent, including explicit guidance to 'Never log or expose JACKAL_MEMORY_API_KEY' or 'JACKAL_MEMORY_ENCRYPTION_KEY', which are good security practices rather than prompt injection attacks. The `jackal-memory/client.py` script implements client-side AES-256-GCM encryption for data before sending it to the specified external API (`https://web-production-5cce7.up.railway.app`). It handles API keys and encryption keys securely via environment variables or a dedicated local configuration file (`~/.config/jackal-memory/key`). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or other harmful behaviors.
能力评估
Purpose & Capability
Name/description (recoverable agent memory backed by Jackal) match the implementation: the client encrypts data client-side and POSTs/GETs to the declared BASE_URL. Requiring JACKAL_MEMORY_API_KEY is proportional to accessing a remote storage API.
Instruction Scope
SKILL.md instructions align with the client.py implementation: it reads/writes an encryption key under ~/.config/jackal-memory/, reads JACKAL_MEMORY_API_KEY and optional JACKAL_MEMORY_ENCRYPTION_KEY, and provides save/load/usage commands. The instructions do not ask the agent to read unrelated files or exfiltrate other environment variables.
Install Mechanism
No install spec is included; this is an instruction-plus-script package. The only runtime dependency is the standard cryptography Python package (SKILL.md instructs pip install cryptography). No external downloads, archive extraction, or obscure install URLs are used.
Credentials
Only JACKAL_MEMORY_API_KEY (required) and JACKAL_MEMORY_ENCRYPTION_KEY (optional override) are used. This is proportional, but users must understand that the API key grants access to the remote service and that metadata (key names, sizes, CIDs) will be visible to that service even though content is AES-256-GCM-encrypted client-side.
Persistence & Privilege
The skill is not forced-always, is user-invocable, and does not modify other skills or system-wide settings. It writes a key file only under ~/.config/jackal-memory/ which is within its stated scope.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install claw-store-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /claw-store-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the claw_store skill for sovereign, recoverable AI memory backed by Jackal decentralized storage. - Supports encrypted, client-side AES-256-GCM memory storage and retrieval across sessions and machines. - Requires setup with a JACKAL_MEMORY_API_KEY and optional custom encryption key. - Includes usage instructions for saving, loading, and checking storage usage via CLI or direct API calls. - Emphasizes strong security practices: no plaintext leaves the client, and keys must not be logged or exposed.
元数据
Slug claw-store-skill
版本 1.0.0
许可证
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Claw Store Skill 是什么?

Sovereign, recoverable memory for AI agents backed by Jackal decentralized storage. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 345 次。

如何安装 Claw Store Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install claw-store-skill」即可一键安装,无需额外配置。

Claw Store Skill 是免费的吗?

是的,Claw Store Skill 完全免费(开源免费),可自由下载、安装和使用。

Claw Store Skill 支持哪些平台?

Claw Store Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Claw Store Skill?

由 Regan-Milne(@regan-milne)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论