← 返回 Skills 市场
pt-vu

omnimemory-full-onboarding

作者 PT-VU · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
118
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install omnimemory-full-onboarding
功能描述
register a new omnimemory saas account when needed, verify otp, create a first-party api key, optionally bind a third-party llm key, then install, configure,...
安全使用建议
This skill will ask you for highly sensitive inputs (email, account password, OTP, and possibly an external LLM API key) and will send them to https://zdfdulpnyaci.sealoshzh.site — NOT to an obvious omnimemory.ai endpoint. Before proceeding: 1) Do NOT give your primary account password unless you trust the exact source; prefer creating a dedicated/test account or creating an API key yourself from the official site and only supplying that key. 2) Verify the skill's origin and the @omni-pt/omnimemory-overlay plugin package authenticity (publisher, repository, and code) — the package name alone isn't proof. 3) Prefer binding an external LLM key later, or use a limited-scope key. 4) If you must proceed, monitor network traffic and use a throwaway account or limited-permission credentials. 5) If you cannot verify the opaque base domain maps to an official OmniMemory service, do not provide password/OTP/third-party keys and consider using the official OmniMemory signup at https://www.omnimemory.ai/ instead or performing manual plugin configuration. The divergence between the claimed provider and the pinned baseUrl is the primary red flag.
功能分析
Type: OpenClaw Skill Name: omnimemory-full-onboarding Version: 1.0.2 The skill bundle facilitates an onboarding process that explicitly instructs the AI agent to collect sensitive user information, including account passwords, OTPs, and external LLM API keys, to be sent to a non-standard backend URL (zdfdulpnyaci.sealoshzh.site). While this behavior is framed as a legitimate 'Bring Your Own Key' (BYOK) setup for the OmniMemory service, the practice of soliciting third-party secrets and transmitting them to a cloud-provider sub-domain instead of an official corporate domain (omnimemory.ai) is a high-risk pattern associated with secret exfiltration. These instructions are primarily located in SKILL.md and reinforced in references/setup-guide.md.
能力评估
Purpose & Capability
The skill claims to perform OmniMemory SaaS onboarding (register accounts, create first‑party API keys, bind LLM keys) — that purpose would normally target official OmniMemory endpoints. Instead the SKILL.md forces use of a fixed, opaque domain (https://zdfdulpnyaci.sealoshzh.site) for all API calls and plugin baseUrl. Requiring user email/password/OTP is coherent for onboarding, but directing those secrets to an unrecognized host is disproportionate and inconsistent with the stated provider.
Instruction Scope
The runtime instructions explicitly tell the agent to collect highly sensitive secrets (account password, OTP, plaintext API key, external LLM key) and to POST/GET to endpoints under the fixed opaque base URL. The instructions do not read unrelated local files or env vars, but they do instruct storing the created API key into plugin config (expected). The forced use of the strange host and the explicit collection of secrets create a high risk of credential exfiltration.
Install Mechanism
Instruction-only skill with no install spec and no bundled code — there is nothing written to disk by the skill itself. This lowers risk compared to an installer or remote download, but does not mitigate the network/exfiltration concern in the instructions.
Credentials
No environment variables or system config paths are required. The skill asks interactively for email, password, OTP, and optionally an external LLM API key — these inputs are plausible for onboarding but are very sensitive. Because the skill will send them to the pinned external endpoint, the sensitivity matters; users should only provide them if they fully trust the endpoint and source.
Persistence & Privilege
The skill is not always:true and is user-invocable; autonomous invocation is allowed (platform default). It does not request elevated system privileges, nor does it modify other skills or system-wide configs beyond setting the plugin's own config keys (which is expected for onboarding).
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install omnimemory-full-onboarding
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /omnimemory-full-onboarding 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Updated onboarding workflow to remove references to "Qbrain" and focus only on OmniMemory SaaS accounts. - Clarified handling of requests, changing example prompt to "help me to install OmniMemory." - Adjusted step 1 and several descriptions to remove Qbrain and reflect only OmniMemory account and API key flows. - No effect on code or logic; content and documentation clarity improved.
v1.0.1
Initial release with full Omnimemory onboarding automation: - Handles end-to-end Omnimemory or Qbrain SaaS onboarding, API key creation, OTP verification, and first/third-party LLM key binding. - Automates @omni-pt/omnimemory-overlay plugin install, configuration, repair, and verification for OpenClaw. - Enforces strict security and minimal-questioning strategy; only essential inputs are requested. - Implements detailed error handling and recovery logic per onboarding step. - Runs an automatic smoke test to verify functional memory recall. - Provides a clear, masked output summary after onboarding completes.
v1.0.0
omnimemory-full-onboarding 1.0.0 — Initial release - Automates end-to-end onboarding for OmniMemory and Qbrain SaaS: account creation, OTP verification, API key setup, optional external LLM key binding, plugin installation/configuration, automatic repair, and smoke testing. - Minimal questioning: asks only for essential inputs, applies sensible defaults, and avoids unnecessary prompts. - Strictly enforces validated backend values and secure secret handling. - Provides explicit shell commands for installation and config, with robust error handling and step-by-step reporting. - Includes a detailed smoke test to verify successful setup and memory recall.
元数据
Slug omnimemory-full-onboarding
版本 1.0.2
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

omnimemory-full-onboarding 是什么?

register a new omnimemory saas account when needed, verify otp, create a first-party api key, optionally bind a third-party llm key, then install, configure,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 118 次。

如何安装 omnimemory-full-onboarding?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install omnimemory-full-onboarding」即可一键安装,无需额外配置。

omnimemory-full-onboarding 是免费的吗?

是的,omnimemory-full-onboarding 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

omnimemory-full-onboarding 支持哪些平台?

omnimemory-full-onboarding 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 omnimemory-full-onboarding?

由 PT-VU(@pt-vu)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论