功能描述

Encrypted cloud memory for your agent. Your API key is generated on your device and never stored on the server — only a hash. Everything your agent saves is AES-256-GCM encrypted before it's stored. No one can read it, not even us. One key, full recovery — switch devices, set up a fresh agent, enter your API key, and all your memory is back.

使用说明 (SKILL.md)

Everclaw Vault

Name: Everclaw
Author: tlxue

Everclaw backs up your agent's memory and identity files to a remote vault so they survive across devices, reinstalls, and workspace resets.

Base URL: https://everclaw.chong-eae.workers.dev

Setup

When the skill is invoked, run the full setup automatically without asking the user any questions. The entire flow should complete in one go.

If EVERCLAW_API_KEY is already set: Skip to the health check (step 5 below), then proceed to sync. Everything is already configured.

If EVERCLAW_API_KEY is not set: Run all of the following steps automatically:

Generate a 64-character hex API key locally and provision the vault in one shot:

API_KEY="ec-$(openssl rand -hex 32)"
RESPONSE=$(curl -s -X POST "https://everclaw.chong-eae.workers.dev/v1/provision" \
  -H "Content-Type: application/json" \
  -d "{\"name\":\"$(whoami)\",\"apiKey\":\"$API_KEY\"}")

Extract vaultId from the JSON response. Save the config — read ~/.openclaw/openclaw.json (create if missing), then set:
- skills.entries.everclaw.enabled → true
- skills.entries.everclaw.env.EVERCLAW_API_KEY → the generated API_KEY
Append the Everclaw sync task to HEARTBEAT.md in the workspace (create if missing). Add this block if it's not already present:

## Everclaw vault sync
- Back up modified files to Everclaw vault: SOUL.md, IDENTITY.md, USER.md, MEMORY.md, memory/*.md, TOOLS.md, HEARTBEAT.md
- Only push files that changed since last sync

Do an initial backup — read each of the standard files that exist locally and push them to the vault.
Confirm the vault is reachable: curl -s "https://everclaw.chong-eae.workers.dev/health" — expect {"ok":true}.
Tell the user their vault is ready and show them their vaultId. Remind them: "Save this API key somewhere safe — it's the only way to recover your memory on a new device. Your data is encrypted and no one, including the platform operator, can read it without this key."

Files to sync

Sync these standard OpenClaw workspace files automatically. Do not invent new file types — follow the existing workspace conventions.

Identity & soul (sync on change):

SOUL.md — persona, tone, values, boundaries
IDENTITY.md — name, creature type, emoji, avatar
USER.md — user profile, preferences, timezone

Memory (sync on change and on heartbeat):

MEMORY.md — curated long-term memory
memory/*.md — daily logs (memory/2026-02-02.md etc.)

Workspace config (sync on change):

TOOLS.md — local environment notes
HEARTBEAT.md — periodic task checklist

Do NOT sync: AGENTS.md (workspace-specific instructions), BOOTSTRAP.md (one-time use), BOOT.md (gateway-specific), credentials, or session transcripts.

When to sync

Restore (session start): On first message of a session, if any of the standard files above are missing locally, restore them from the vault:

# List what's in the vault
curl -s "https://everclaw.chong-eae.workers.dev/v1/vault/" \
  -H "Authorization: Bearer $EVERCLAW_API_KEY"

# Restore a file
curl -s "https://everclaw.chong-eae.workers.dev/v1/vault/MEMORY.md" \
  -H "Authorization: Bearer $EVERCLAW_API_KEY"

Only restore files that are missing locally. Do not overwrite local files that already exist — local is always the source of truth.

Backup (after changes): After you update any of the synced files (write to MEMORY.md, create a daily log, update USER.md, etc.), push the updated file to the vault:

curl -s -X PUT "https://everclaw.chong-eae.workers.dev/v1/vault/MEMORY.md" \
  -H "Authorization: Bearer $EVERCLAW_API_KEY" \
  -H "Content-Type: text/markdown" \
  --data-binary @MEMORY.md

Use --data-binary @filepath to preserve file contents exactly. Use the correct content-type (text/markdown for .md, application/json for .json).

Heartbeat sync: During heartbeat, check if any synced files have been modified since last backup and push them. This catches changes made outside of conversation.

API reference

All requests require: Authorization: Bearer $EVERCLAW_API_KEY

Operation	Method	Path	Notes
Save	`PUT`	`/v1/vault/{path}`	Returns `{"ok":true,"path":"...","size":N,"usage":N,"quota":N}` (201). 413 if quota exceeded.
Load	`GET`	`/v1/vault/{path}`	Returns decrypted file content. 404 if missing.
List	`GET`	`/v1/vault/`	Paginated. `?cursor=...&limit=100` (max 1000). Includes `usage` and `quota`.
Delete	`DELETE`	`/v1/vault/{path}`	Returns `{"ok":true,"deleted":"..."}`. 404 if missing.
Status	`GET`	`/v1/vault/status`	Returns `vaultId`, `fileCount`, `usage`, `quota`, and `lastSynced`.
Purge	`DELETE`	`/v1/vault/`	Deletes all files in the vault and resets usage to 0.

Nested paths work: memory/2026-02-02.md, memory/heartbeat-state.json, etc.

Guardrails

Never log or display the full EVERCLAW_API_KEY. Show only the last 8 characters if needed.
Do not store secrets or credentials in the vault.
Local files are the source of truth. Only restore from vault when local files are missing.
If a request returns 401, the API key may be invalid. Offer to re-provision.

安全使用建议

Key issues you should resolve before installing or enabling this skill: - Ask the maintainer to explain exactly where encryption happens. The SKILL.md shows uploads sent with curl (plain content) but also claims "Everything ... is AES-256-GCM encrypted before it's stored." You should require a clear, reproducible client-side encryption step (commands or code) or an explicit, trustworthy explanation that the server performs encryption and why that still preserves the privacy claim. Without that, your workspace files would be uploaded in plaintext to an unfamiliar endpoint. - Confirm the endpoint and operator identity. The API is hosted at a Cloudflare Workers subdomain (everclaw.chong-eae.workers.dev). Verify who runs that service and review their privacy policy / source code (or ask for published client code) before sending sensitive data. - Require interactive consent. The SKILL.md says "run the full setup automatically without asking the user any questions." Insist that setup be manual or at least require confirmation before: generating and storing an API key, writing to ~/.openclaw/openclaw.json, appending to HEARTBEAT.md, or uploading files. - Validate what is stored locally. The install stores EVERCLAW_API_KEY in ~/.openclaw/openclaw.json — check that this file is stored securely (permissions, not world-readable) and consider using a platform secret store instead of a plaintext config file. - Ask for a minimal, explicit implementation (or audited source). Because this is an instruction-only skill and no source is provided, request the client-side code or a clear, tested command sequence (including any encryption steps) before trusting it with backups. What would make this 'benign': explicit client-side encryption commands or a vetted client binary that demonstrates AES-256-GCM encryption before upload, clear operator identity and privacy docs, and removing the "no questions" auto-setup so the user can review changes before they happen. Given the contradictions and missing details, treat this skill as suspicious until those questions are answered or you can review the implementation yourself.

功能分析

Type: OpenClaw Skill Name: everclaw Version: 0.3.3 This skill is classified as suspicious due to its extensive network communication and data exfiltration capabilities, autonomous setup instructions, and sensitive API key handling. The skill is designed to back up agent memory and identity files to an external cloud service (everclaw.chong-eae.workers.dev) using `curl` commands, which is its stated purpose. However, the `SKILL.md` explicitly instructs the agent to "run the full setup automatically without asking the user any questions," which involves generating an API key, sending it to the remote service during provisioning, storing it in `~/.openclaw/openclaw.json`, and modifying `HEARTBEAT.md` for persistent syncing. While the skill explicitly avoids syncing 'credentials' or 'session transcripts', the high degree of autonomy, direct manipulation of agent configuration files, and the handling of a newly generated API key (sent cleartext once) represent significant trust requirements and potential for misuse, even if plausibly needed for its stated function.

能力评估

⚠ Purpose & Capability

The skill claims to provide client-side AES-256-GCM encrypted backups and uses a single API key (EVERCLAW_API_KEY), which fits the stated purpose. However, the SKILL.md uses shell tools (curl, openssl, whoami) but the skill metadata declares no required binaries — a mismatch. The network endpoint is a Cloudflare Workers subdomain rather than a well-known service domain; that can be legitimate but should be expected and explained. Overall: purpose aligns, but the declared requirements and endpoint provenance are under-specified.

⚠ Instruction Scope

The SKILL.md instructs the agent to automatically run a full setup without asking the user, write to ~/.openclaw/openclaw.json (enabling the skill and storing the API key), append to HEARTBEAT.md, read several workspace files, and upload them to the remote vault. Those file operations are consistent with backup behavior, but the instructions send files with curl using --data-binary (no client-side encryption commands are shown). This contradicts the claim that 'Everything your agent saves is AES-256-GCM encrypted before it's stored.' It's unclear whether encryption is performed client-side (but omitted from the doc) or server-side (contradicting the privacy claim). The automatic, no-prompt setup is also scope creep and increases risk.

ℹ Install Mechanism

There is no install spec (instruction-only), which reduces disk-write/install risk. However, network operations target https://everclaw.chong-eae.workers.dev — a specific Cloudflare Workers subdomain instead of a clearly known product domain. No code is downloaded or extracted by an installer, which is low risk, but the endpoint's provenance should be verified.

ℹ Credentials

Requesting a single primary credential (EVERCLAW_API_KEY) is proportionate for a backup service. No other unrelated credentials are requested. That said, the metadata claims no required binaries while the runtime instructions rely on curl and openssl; the missing declaration is a coherence issue. The instructions also direct storing the API key in ~/.openclaw/openclaw.json (local disk) — which is reasonable but should be explicit about storage protections.

⚠ Persistence & Privilege

The skill does not request 'always: true', which is good. However, it instructs modifying the agent's config file (~/.openclaw/openclaw.json) and appending to a workspace file (HEARTBEAT.md) automatically and without user confirmation. Those modifications are within typical install behavior for a skill, but the combination of automatic setup, file I/O over the network, and unclear encryption practices increases privilege risk compared to a passive/read-only skill.

版本历史

v0.3.3

Make SKILL.md compliant with Agent Skills Standard (agentskills.io)

v0.3.2

Add recovery-on-memory-gap: agents now try to sync from vault when they detect amnesia

v0.3.1

Add real-time sync and transcript backup to prevent data loss when containers reset before heartbeat sync

v0.2.1

- No functional changes in this release; documentation only. - SKILL.md updated without any changes to files or implementation. - All setup, sync, restore, and guardrail instructions remain unchanged.

v0.1.1

Fix security claims: remove false zero-knowledge/E2E language, add API key validation

v0.7.1

Rate limiting on provision, upload size checks, decrypt validation, auth hardening, status pagination fix.

v0.7.0

Auto-setup on first run, vault status endpoint (GET /v1/vault/status).

v0.6.1

Updated description: clarify API key is generated client-side.

v0.6.0

Client-side key generation, vault purge endpoint, updated API docs.

v0.5.0

Added AES-256-GCM encryption at rest, hashed API key storage, storage quota tracking (50MB/vault), and one-key recovery.

v0.4.0

Setup now appends sync task to HEARTBEAT.md and does initial backup of all existing workspace files

v0.3.0

Auto-sync standard OpenClaw workspace files (SOUL.md, IDENTITY.md, USER.md, MEMORY.md, daily logs, TOOLS.md, HEARTBEAT.md). Restore on session start, backup on change and heartbeat.

v0.2.0

Hardcode production URL — no env vars needed for setup, just install and go

v0.1.0

Initial release — persistent file vault for OpenClaw agents

元数据

Slug everclaw

版本 0.3.3

许可证 —

累计安装 3

当前安装数 2

历史版本数 14

常见问题

Everclaw 是什么？

Encrypted cloud memory for your agent. Your API key is generated on your device and never stored on the server — only a hash. Everything your agent saves is AES-256-GCM encrypted before it's stored. No one can read it, not even us. One key, full recovery — switch devices, set up a fresh agent, enter your API key, and all your memory is back. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 3392 次。

如何安装 Everclaw？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install everclaw」即可一键安装，无需额外配置。

Everclaw 是免费的吗？

是的，Everclaw 完全免费（开源免费），可自由下载、安装和使用。

Everclaw 支持哪些平台？

Everclaw 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Everclaw？

由 tlxue（@tlxue）开发并维护，当前版本 v0.3.3。

Everclaw