← 返回 Skills 市场
ontehfritz

Openclaw

作者 Fritz (Fredrick Seitz) · GitHub ↗ · v1.1.0 · MIT-0
darwinlinux ⚠ suspicious
339
总下载
1
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install demarkus
功能描述
Persistent agent memory and versioned markdown documents over the Mark Protocol (mark://). Use when asked to remember something across sessions, fetch or pub...
使用说明 (SKILL.md)

Setup

First, ask the user: local server or remote server?

  • Local — install and run demarkus on this machine (default)
  • Remote — connect to an existing demarkus server (the user must provide the server URL and a write token)

Option A: Local Server

Check if already installed:

which demarkus

If not found, install the full stack (client, server, MCP binary, daemon):

curl -fsSL https://raw.githubusercontent.com/latebit-io/demarkus/main/install.sh | bash

Store the token and register demarkus-mcp with mcporter:

if [ "$(uname)" = "Darwin" ]; then
  TOKEN=$(cat ~/.demarkus/initial-token.txt)
else
  TOKEN=$(sudo cat /etc/demarkus/initial-token.txt)
fi

demarkus token add mark://localhost "$TOKEN"

mcporter config add demarkus \
  --command demarkus-mcp \
  --arg -host --arg "mark://localhost" \
  --arg -insecure \
  --scope home

Option B: Remote Server

Ask the user for:

  1. The server URL (e.g. mark://soul.example.com)
  2. A write token (the server admin provides this)

Install the client binaries (no server, no daemon):

curl -fsSL https://raw.githubusercontent.com/latebit-io/demarkus/main/install.sh | bash -s -- --client-only

Store the token and register demarkus-mcp with mcporter:

demarkus token add SERVER_URL USER_TOKEN

mcporter config add demarkus \
  --command demarkus-mcp \
  --arg -host --arg "SERVER_URL" \
  --scope home

Replace SERVER_URL and USER_TOKEN with the values from the user.

Verify

mcporter list demarkus --schema

For a quick test:

mcporter call 'demarkus.mark_fetch(url: "/index.md")'

About mcporter

Tools

  • demarkus.mark_fetch — read a document
  • demarkus.mark_publish — write or update (fetch first, use returned version as expected_version)
  • demarkus.mark_append — append content, no fetch required
  • demarkus.mark_list — list documents and directories
  • demarkus.mark_versions — full version history
  • demarkus.mark_discover — fetch the server's agent manifest
  • demarkus.mark_graph — crawl links and build a graph
  • demarkus.mark_backlinks — find what links to a document

Usage

# Fetch a document
mcporter call 'demarkus.mark_fetch(url: "/index.md")'

# List documents
mcporter call 'demarkus.mark_list(url: "/")'

# Append to journal
mcporter call 'demarkus.mark_append(url: "/journal.md", body: "## 2026-03-10\
Session notes here.")'

# Publish a document (fetch first to get version)
mcporter call 'demarkus.mark_publish(url: "/thoughts.md", body: "# Thoughts\
New content.", expected_version: 3)'

The Soul Pattern

Persistent memory across sessions. Your soul is a collection of markdown documents — a journal, thoughts, architecture notes, debugging lessons — that survive across conversations.

On every new session:

  1. mcporter call 'demarkus.mark_fetch(url: "/index.md")' — orient yourself
  2. Do the work
  3. mcporter call 'demarkus.mark_append(url: "/journal.md", body: "...")' — record what happened

Journaling

Use demarkus.mark_append to record session notes, key decisions, and what you learned. Each entry should include a date and a brief summary. This is your running log — append freely, never overwrite.

Thoughts and Reflections

Use demarkus.mark_publish to store your own reflections, open questions, and ideas. Unlike the journal (which is append-only), thoughts can be rewritten as your understanding evolves. Always fetch first to get the current version.

Recommended Structure

/index.md          — hub page linking to all sections
/journal.md        — session notes and evolution log (append-only)
/thoughts.md       — your reflections, ideas, open questions
/architecture.md   — system design and key decisions
/patterns.md       — code patterns, conventions, workflow
/debugging.md      — lessons from bugs and investigations
/roadmap.md        — what's done, what's next

Use demarkus.mark_append for journals and running notes — cheaper than fetch + republish. Never publish without fetching first — the server enforces optimistic concurrency.

Security and Privacy

  • Token handling: The installer writes a random token to ~/.demarkus/initial-token.txt (macOS) or /etc/demarkus/initial-token.txt (Linux). The setup script stores this token in the demarkus token store via demarkus token add so it stays out of config files and long-running process args. The MCP binary resolves tokens from the store at runtime and sends them only to the configured Mark server.
  • MCP bridge: mcporter spawns demarkus-mcp via stdio. No tokens appear in mcporter's config — they are resolved from the demarkus token store at runtime.
  • Network: The install script downloads binaries from https://github.com/latebit-io/demarkus. The server listens on all interfaces (:6309) — on Linux the installer opens UDP 6309 via ufw when available. In remote mode, the user provides the server URL explicitly.
  • Data storage: All documents are stored locally on disk (local mode) or on the user-specified remote server. No data is sent to third parties.
安全使用建议
This skill appears to do what it says (connect to a Mark server and store versioned markdown), but it asks you to run a remote install script and to read token files (including /etc/* with sudo on Linux). Before installing, do at least one of the following: - Inspect the install script at the GitHub URL yourself (do not run it blindly) and verify it does only what you expect. - Prefer configuring a remote server: provide your own server URL and a write token you control instead of letting an installer produce system-wide tokens. - Avoid running curl | bash directly; download the script, review it, and run it in a constrained environment (container, VM) or with least privilege. - Confirm whether the token stored at /etc/demarkus is necessary for your use; prefer per-user tokens (~/.demarkus) to avoid exposing system-scoped secrets. - If you must install mcporter via npx/npm, review that package (and its version) before execution. If you are not comfortable auditing the installer or exposing a token file under /etc, do not install this skill on a machine containing sensitive credentials.
功能分析
Type: OpenClaw Skill Name: demarkus Version: 1.1.0 The skill implements a persistent memory system for agents using a custom protocol (mark://) and requires high-privilege setup steps. It directs the agent to perform a 'curl | bash' installation from a remote GitHub repository (latebit-io/demarkus), installs a background daemon, and opens network ports (UDP 6309 via ufw). While these actions are consistent with the stated goal of running a local/remote document server, the use of unverified remote scripts and the handling of system-level tokens (/etc/demarkus/initial-token.txt) represent significant security risks.
能力评估
Purpose & Capability
Name/description (persistent memory via mark://) matches the required binaries (mcporter or npx, curl, bash) and the token files. However, the declared required config paths include both a user token file (~/.demarkus/initial-token.txt) and a system token file (/etc/demarkus/initial-token.txt) which is unusual: the instructions use one or the other depending on OS, but listing both as required is imprecise and could cause the agent to assume access to a system-wide secret unnecessarily.
Instruction Scope
SKILL.md instructs running a remote installer via curl piped to bash from a GitHub raw URL and to read token files (using sudo on Linux) into shell variables, then call demarkus token add and mcporter config add. These steps read and transmit a sensitive token and execute arbitrary code fetched at runtime. The instructions also recommend resolving tokens into a 'token store' but explicitly show the agent reading files and using sudo, which expands the skill's access to system-level secrets.
Install Mechanism
The primary install path is 'curl -fsSL https://raw.githubusercontent.com/latebit-io/demarkus/main/install.sh | bash' (remote script executed directly). While the host is GitHub (well-known), piping a remote script into bash is high-risk because it runs arbitrary code on the machine. The fallback/alternate install is an npm-style package (mcporter) which also pulls code from a package registry; both are reasonable for developer tooling but increase attack surface compared with instruction-only skills.
Credentials
No environment variables are declared, but the skill expects and directs access to sensitive config files that contain initial tokens. Reading /etc/demarkus/initial-token.txt (with sudo) is elevated access and may expose system-scoped tokens unrelated to the agent. The skill does not declare any minimal credential scope or clearly explain why system-level token access is required rather than only per-user tokens.
Persistence & Privilege
The skill is not force-enabled (always: false) and allows normal autonomous invocation. It instructs registering an mcporter config entry in the user's home scope and storing tokens in a token store — these are expected for a client/daemon integration. There is no indication it modifies other skills or global agent settings, but the installer writes files and registers binaries on the host which is persistent behavior and should be reviewed before running.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install demarkus
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /demarkus 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Switch to mcporter for MCP bridge (stdio); fix license to AGPL-3.0-only; use demarkus token store instead of CLI args
v1.0.1
Store tokens via demarkus token add instead of CLI args; fix mcp.servers config key; improve install script pipe handling
v1.0.0
Initial release — persistent agent memory via Mark Protocol
元数据
Slug demarkus
版本 1.1.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Openclaw 是什么?

Persistent agent memory and versioned markdown documents over the Mark Protocol (mark://). Use when asked to remember something across sessions, fetch or pub... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 339 次。

如何安装 Openclaw?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install demarkus」即可一键安装,无需额外配置。

Openclaw 是免费的吗?

是的,Openclaw 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Openclaw 支持哪些平台?

Openclaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux)。

谁开发了 Openclaw?

由 Fritz (Fredrick Seitz)(@ontehfritz)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论