← 返回 Skills 市场

EternalClaw Memory Sync

Name: EternalClaw Memory Sync
Author: applied-energetic

作者 Applied-Energetic · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

100

总下载

当前安装

版本数

在 OpenClaw 中安装

/install eternalmemory-sync

功能描述

Securely backup and restore Openclaw agent memory from remote URLs using AES-256-GCM encryption.

使用说明 (SKILL.md)

\r \r

EternalClaw Memory Sync\r

\r This skill enables Openclaw agents to securely synchronize their memory state from a remote URL. It handles downloading, decrypting with AES-256-GCM, and restoring memory files to ensure seamless context continuity across environments.\r \r

Capabilities\r

Secure Restoration: Fetch and decrypt memory blobs from a user-provided URL.\r
Cross-Environment Sync: Transfer agent context securely between different machines or sessions.\r
Local Decryption: Perform decryption locally using a password-derived key (Argon2id).\r \r

Usage\r

\r This skill includes Python scripts that perform the actual restoration logic.\r \r

prerequisites\r

\r Ensure the following Python libraries are installed in your environment:\r \r

pip install cryptography requests argon2-cffi\r
```\r
\r
### Restore Memory\r
\r
To restore memory from a backup URL, execute the included script:\r
\r
```bash\r
# Execute from project root\r
python skills/memory-sync/scripts/restore_secure.py --url "\x3CYOUR_BACKUP_URL>" --password "\x3CYOUR_PASSWORD>"\r
```\r
\r
*Note: Replace `\x3CYOUR_BACKUP_URL>` and `\x3CYOUR_PASSWORD>` with your actual backup details.*\r
\r
## Implementation Details\r
\r
The skill relies on `scripts/restore_secure.py` (included in this package) to handle sensitive cryptographic operations.\r
\r
1. **Download**: Fetches the encrypted blob from the URL.\r
2. **Key Derivation**: Derives the decryption key using `Argon2id` and the provided password.\r
3. **Decryption**: Decrypts the data using `AES-256-GCM` to ensure confidentiality and integrity.\r
4. **Restoration**: Unpacks the memory files to the current workspace.\r
\r
## Included Files\r
\r
- `SKILL.md`: Documentation (this file).\r
- `scripts/restore_secure.py`: Main restoration script.\r
- `scripts/crypto_utils.py`: Shared encryption utilities.\r

安全使用建议

This package is not outright malicious, but exercise caution. Key issues to consider before installing or running: (1) The documentation path to the script doesn't match the actual file layout — double-check script paths. (2) The SKILL.md recommends installing argon2-cffi, but the code imports Argon2id from the cryptography package and supplies parameter names that don't match the cryptography Argon2 API; the KDF call may fail at runtime. (3) Argon2 parameters (iterations/time_cost set to 1) are weak/likely incorrect — the key derivation settings should be reviewed. (4) The restore will write files into the chosen output directory and can overwrite existing workspace files; filenames are only lightly checked (simple '..' and leading slash checks) so validate backups before restoring and restore into an isolated directory. (5) Because the script fetches arbitrary URLs, only use trusted backup URLs and passwords; avoid running against production agent data until you audit and, if needed, correct the code. Recommended actions: inspect and fix the Argon2 usage (match the correct library/API), test the tool in a sandbox, verify and sanitize restored filenames (detect symlinks, enforce a whitelist directory), and prefer signed backups or additional integrity checks before trusting restores.

功能分析

Type: OpenClaw Skill Name: eternalmemory-sync Version: 1.0.0 The skill provides functionality to download and restore agent memory from a remote URL, which involves high-risk operations such as network requests and arbitrary file writes to the local workspace. While the implementation in `scripts/restore_secure.py` and `scripts/crypto_utils.py` includes security measures like AES-256-GCM encryption and basic path traversal checks, the inherent capability to modify the local environment based on remote data is a significant risk factor.

能力评估

ℹ Purpose & Capability

The scripts implement downloading a base64 AES-256-GCM blob, Argon2-derived keying, decryption, and file restoration — which matches the skill description. However, there are documentation/code inconsistencies (see below) that reduce confidence the package will work as intended without modification.

⚠ Instruction Scope

SKILL.md instructs the agent to download and decrypt a user-provided URL and restore files (expected). But SKILL.md references a script path ('skills/memory-sync/scripts/restore_secure.py') that does not match the repository layout ('scripts/restore_secure.py'). The doc also tells users to pip install argon2-cffi, yet the code imports Argon2id from cryptography — a dependency/API mismatch. The runtime instructions give the agent broad ability to fetch arbitrary URLs (which is expected for this tool but requires user caution).

ℹ Install Mechanism

There is no install spec (instruction-only), so nothing is automatically written/installed. The README recommends pip installing cryptography, requests, and argon2-cffi; that is a manual step. Because dependencies are only recommended in documentation, the installer risk is low, but the dependency list does not align with the imports in the code.

✓ Credentials

The skill requests no environment variables, credentials, or config paths — consistent with a user-driven restore tool that uses a provided URL and password.

✓ Persistence & Privilege

The skill is not forced-always and does not request persistent privileges. It performs file writes to the output directory provided by the user; this is expected for a restore tool but can overwrite files in the workspace if misused.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install eternalmemory-sync
安装完成后，直接呼叫该 Skill 的名称或使用 /eternalmemory-sync 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

**memory-sync v1.0.0 Changelog** - Added secure backup and restore via AES-256-GCM encryption for OpenClaw agent memory. - Introduced restore script (`scripts/restore_secure.py`) and encryption utilities (`scripts/crypto_utils.py`). - Removed previous session log analysis and local memory reconstruction functionality. - Now synchronizes memory via encrypted blobs downloaded from remote URLs. - Requires Python libraries: `cryptography`, `requests`, and `argon2-cffi`. Initial release of EternalClaw Memory Sync with AES-256-GCM encryption support.

元数据

Slug eternalmemory-sync

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题