← 返回 Skills 市场
Jackal Memory
作者
Regan-Milne
· GitHub ↗
· v0.1.0
453
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install jackal-memory
功能描述
Sovereign, recoverable memory for AI agents backed by Jackal decentralized storage.
使用说明 (SKILL.md)
Jackal Memory
Persist your memory across sessions and machines. Your data lives on Jackal Protocol decentralized storage — not on any single machine. If the machine dies, your memory survives.
Setup
- Get an API key: https://web-production-5cce7.up.railway.app/auth/login
- Set environment variable:
JACKAL_MEMORY_API_KEY=\x3Cyour-key> - First run only — provision your storage (requires a Jackal address):
python {baseDir}/client.py provision \x3Cyour-jkl-address>
Base URL
https://web-production-5cce7.up.railway.app
Auth
Authorization: Bearer $JACKAL_MEMORY_API_KEY
Usage
On session start — restore memory:
python {baseDir}/client.py load \x3Ckey>
On session end — save memory:
python {baseDir}/client.py save \x3Ckey> \x3Ccontent>
Or call the API directly:
GET /load/{key}
POST /save {"key": "...", "content": "..."}
POST /provision {"jackal_address": "jkl1..."}
Behaviour guidelines
- Load your identity/memory blob on startup before doing any work
- Write locally during the session as normal
- Call save at session end or on significant state changes
- Use descriptive keys:
identity,session-2026-02-26,project-jackal - Never log or expose
JACKAL_MEMORY_API_KEYin output
Security
- Never paste API keys into chat logs
- Your private key is held by your agent — Jackal Memory never sees it
- Treat memory content as sensitive — it may contain credentials or personal data
安全使用建议
Before installing: confirm you trust the remote service at https://web-production-5cce7.up.railway.app because all saved memory content is sent there in plaintext via the provided client. If you handle secrets or personal data, consider: (1) testing with non-sensitive data first, (2) rotating any API key you provide, (3) checking whether the API key can be scoped or revoked, (4) asking the publisher for proof this is an official Jackal-backed service or for self-hosting instructions, and (5) reviewing the included client.py (it’s small and uses only stdlib) and your agent's logs to avoid accidental leakage of secrets. If you are uncomfortable trusting the endpoint, do not provide the API key or consider self-hosting an equivalent service.
功能分析
Type: OpenClaw Skill
Name: jackal-memory
Version: 0.1.0
The `jackal-memory/client.py` script is vulnerable to URL injection or path traversal. When constructing the `/load/{key}` endpoint, the `key` argument from user input (`sys.argv`) is directly interpolated into the URL path without proper URL encoding. This allows a malicious `key` (e.g., containing '/', '?', or '&') to alter the request path or inject query parameters, potentially leading to server-side vulnerabilities or unexpected client behavior. While this is a vulnerability rather than clear malicious intent, it represents a significant security flaw in input sanitization.
能力评估
Purpose & Capability
Name/description, SKILL.md, and the included client.py align: the skill stores and restores memory via an HTTP API and requires JACKAL_MEMORY_API_KEY. A minor note: the BASE_URL and homepage point to a Railway deployment (web-production-5cce7.up.railway.app) rather than an official 'jackalprotocol' domain; this is not incoherent but is worth verifying with the author/operator.
Instruction Scope
Runtime instructions are scoped to save/load/provision operations against the stated API and to reading JACKAL_MEMORY_API_KEY. The instructions do cause agent memory content (plaintext) to be transmitted to the external service; they do not read local files or unrelated environment variables. Verify you are comfortable sending sensitive memory to that external host.
Install Mechanism
No install spec; this is instruction-only with a small Python stdlib client included. Nothing is downloaded or executed on install beyond the provided client.
Credentials
Only a single environment variable (JACKAL_MEMORY_API_KEY) is required, which matches the API-based behavior. No unrelated credentials or config paths are requested.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent system-wide privileges or modify other skills' configurations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install jackal-memory - 安装完成后,直接呼叫该 Skill 的名称或使用
/jackal-memory触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of Jackal Memory
- Enables AI agents to persist memory across sessions and machines using Jackal decentralized storage.
- Provides setup instructions, including how to provision storage and authenticate using API keys.
- Supports loading and saving memory via both Python client and direct API calls.
- Emphasizes secure handling of API keys and sensitive memory content.
元数据
常见问题
Jackal Memory 是什么?
Sovereign, recoverable memory for AI agents backed by Jackal decentralized storage. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 453 次。
如何安装 Jackal Memory?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install jackal-memory」即可一键安装,无需额外配置。
Jackal Memory 是免费的吗?
是的,Jackal Memory 完全免费(开源免费),可自由下载、安装和使用。
Jackal Memory 支持哪些平台?
Jackal Memory 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Jackal Memory?
由 Regan-Milne(@regan-milne)开发并维护,当前版本 v0.1.0。
推荐 Skills