← 返回 Skills 市场
Openclawdy
作者
topguy_aii
· GitHub ↗
· v1.1.0
540
总下载
2
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install openclawdy
功能描述
Memory infrastructure for AI agents. Persistent storage, semantic recall, reputation tracking, cross-agent pools, and time-travel snapshots. Wallet-based aut...
安全使用建议
This skill appears to be a third‑party memory service (openclawdy.xyz) and is internally consistent with that purpose, but proceed cautiously:
- Verify operator/trust: confirm who runs openclawdy.xyz and review their privacy/legal terms before sending any sensitive data.
- Signing vs keys: the service requires signed headers. Confirm how your agent will produce signatures — ensure private keys remain local and the agent only sends signatures (not private keys). The registry should document the signer integration; ask the author if it does not.
- Data exfiltration: the API supports full vault export and storage of arbitrary content. Do not grant this skill to agents that can access secrets, PII, or other sensitive files unless you accept that those may be stored off‑site.
- Supply‑chain risk: the install instructions point to a remote SKILL.md URL; prefer installing from the registry snapshot or a vetted source rather than fetching a live remote file you don't control.
- Least privilege: only enable/use this skill for agents that need long‑term memory and explicitly consent to third‑party storage. If possible, run a self‑hosted or audited alternative.
If you want a higher assurance decision, ask the skill owner for: (1) documentation of the signing integration (how signatures are made/verified and whether any SDK/plugin is required), (2) operator identity and data processing agreement, and (3) a static, versioned SKILL.md hosted in the registry rather than only on an external URL.
功能分析
Type: OpenClaw Skill
Name: openclawdy
Version: 1.1.0
The OpenClawdy skill bundle defines an API for an AI agent memory service. All interactions are via HTTPS calls to the documented `https://openclawdy.xyz` endpoint. The `SKILL.md` explicitly states that no environment variables or external binaries are required, significantly reducing the attack surface for local execution or credential theft. Authentication is wallet-based signing, designed to prevent private key exposure. There are no prompt injection attempts, hidden commands, data exfiltration instructions, or other indicators of malicious intent within the provided files. The functionalities, while powerful (e.g., `memory_export`, `memory_clear`), are clearly documented features of a memory management system, and their misuse would stem from agent instructions rather than the skill's inherent design.
能力评估
Purpose & Capability
The name/description match the SKILL.md (a remote memory/retrieval/reputation service). It requires no env vars or local binaries which is consistent with header-based, wallet-signing auth — however the registry metadata does not declare any primary credential or signer requirement even though the API requires signed headers. That omission is a minor incoherence: the skill needs a signing capability, but the registry does not document how the agent obtains or uses that signer.
Instruction Scope
SKILL.md only instructs the agent to call HTTPS endpoints on openclawdy.xyz and use signed headers; it does not tell the agent to read local files, shell history, or other unrelated secrets. The actions described (store, recall, delete, export) fall within the stated memory-service purpose.
Install Mechanism
There is no install spec or code to write to disk (instruction-only), which is low risk. However the README suggests adding the skill via a remote URL (https://openclawdy.xyz/SKILL.md). Relying on a remote SKILL.md at an external domain is a supply‑chain risk because the fetched instructions could change after installation.
Credentials
The skill declares no required env vars, but authentication requires signed headers (X-Agent-Signature etc.). The registry does not declare a primary credential or explain how signing is provided. This is a proportionality/clarity issue: either an integration mechanism (wallet plugin, signer API) should be documented, or the registry should list the signing capability. Also, the service exposes full vault export endpoints — a legitimate feature, but one that enables mass data export to an external third party, which may be disproportionate for agents with access to sensitive data.
Persistence & Privilege
always:false (normal). The skill enables persistent storage and full export/delete operations on a third‑party service. Combined with normal autonomous invocation, an agent could send sensitive information to this external service without additional system privileges — this is a privacy and data‑exfiltration risk, not a registry privilege misconfiguration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclawdy - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclawdy触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Security review fixes: Added YAML frontmatter, explicit API docs, privacy policy, wallet auth clarification (signing only)
v1.0.0
Initial release: Memory infrastructure for AI agents with reputation, pools, and snapshots
元数据
常见问题
Openclawdy 是什么?
Memory infrastructure for AI agents. Persistent storage, semantic recall, reputation tracking, cross-agent pools, and time-travel snapshots. Wallet-based aut... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 540 次。
如何安装 Openclawdy?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclawdy」即可一键安装,无需额外配置。
Openclawdy 是免费的吗?
是的,Openclawdy 完全免费(开源免费),可自由下载、安装和使用。
Openclawdy 支持哪些平台?
Openclawdy 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Openclawdy?
由 topguy_aii(@topguyaii)开发并维护,当前版本 v1.1.0。
推荐 Skills