← 返回 Skills 市场
294
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install sense-memory
功能描述
Sovereign persistence for AI agents — encrypted key-value memories and journal entries on Nostr relays
安全使用建议
This skill appears to do what it says (encrypted memories on Nostr) but has a few inconsistencies and trust decisions you should consider before installing:
- Verify package provenance: confirm the 'sense-memory' and 'nostrkey' packages are the official project releases (PyPI/GitHub) and review their source, since giving them your private key/passphrase grants full access to your memories.
- Sensitive secrets: prefer using a file-encrypted identity (.nostrkey) unlocked with a passphrase rather than putting NSEC plaintext into environment variables. If you must use NOSTR_NSEC, be aware it is equivalent to handing the skill your private key.
- Relay trust: the package recommends a default relay run by the author. Even though content is encrypted, relays receive metadata (timestamps, event IDs, possibly IP-level telemetry). If you need stronger privacy, run your own relay or choose well-audited public relays.
- Metadata mismatch: the registry summary lists no required env vars while metadata.json and SKILL.md require a passphrase and optionally a private key — ask the publisher/maintainer to correct the metadata so required environment and install instructions are consistent.
- If you need higher assurance: review the package source code (GitHub repo) and the sense-memory implementation, or run it in a sandboxed environment and/or with an identity keypair created specifically for testing.
Given these points, proceed only after verifying the package source and making an explicit decision about how you will store and provide the private key/passphrase.
功能分析
Type: OpenClaw Skill
Name: sense-memory
Version: 0.2.0
The skill manages sensitive Nostr private keys (nsec) and performs network communication with external relays (defaulting to wss://relay.nostrkeep.com) to store encrypted agent memories. While these high-risk capabilities are aligned with the stated purpose of sovereign persistence, the handling of cryptographic secrets and remote data transmission in SKILL.md and examples/basic_usage.py warrants a suspicious classification under the provided criteria. No evidence of intentional malice or unauthorized data exfiltration was observed.
能力评估
Purpose & Capability
The skill claims to provide encrypted key-value and journal storage via the Nostr protocol, which coherently explains why it needs a Nostr identity and a relay. Asking for nostr-related packages (nostrkey) and providing API calls to relays fits the described purpose.
Instruction Scope
SKILL.md and the example code instruct the agent to load a local .nostrkey file or read NOSTR_NSEC and NOSTRKEY_PASSPHRASE from the environment and then publish encrypted events to user-selected relays. Those instructions reference sensitive keys and environment variables (NOSTR_NSEC, NOSTRKEY_PASSPHRASE) and will cause network writes to third-party relays. The instructions also recommend installing the NostrKey skill and pip packages at runtime. The SKILL.md accesses sensitive env vars that are not declared in the top-level registry Requirements block (incoherence between registry summary and the skill's own instructions).
Install Mechanism
Install uses standard package installs (pip / uv for package 'sense-memory'), which is expected for a Python skill. There are no downloads from personal servers or URL shorteners in the provided spec. The registry metadata shows multiple install entries (pip and uv) which is acceptable but inconsistent with the single install entry shown elsewhere.
Credentials
Requiring a Nostr private key (NOSTR_NSEC) or a passphrase to decrypt a local identity file is proportionate for an encryption-based memory skill. However: (1) the overall registry summary initially lists no required env vars while metadata.json declares NOSTRKEY_PASSPHRASE as required and NOSTR_NSEC as optional — this mismatch is an incoherence; (2) supplying NOSTR_NSEC or passphrase to the environment gives the skill full ability to sign and decrypt/encrypt on behalf of the agent, so you must treat those values as highly sensitive and only provide them if you trust the code and operator.
Persistence & Privilege
The skill is not marked 'always: true' and does not request elevated platform privileges. It will persist data to external relays (intended behavior) but does not request modification of other skills or system-wide config in the provided files.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sense-memory - 安装完成后,直接呼叫该 Skill 的名称或使用
/sense-memory触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.0
v0.2.0: Multi-relay support, NIP-04→NIP-78 journal migration, wss:// relay validation, 15s timeout, health check
v0.1.3
Security hardening: SecretStr, sanitized exceptions, input validation
v0.1.2
Entity-aware framing, living with memory section, next steps
v0.1.1
Add prerequisites, enrich operator guidance, declare env vars, relay options
v0.1.0
Initial release — encrypted
key-value memories and journal entries on Nostr relays. 20 tests, red-teamed.
元数据
常见问题
sense-memory 是什么?
Sovereign persistence for AI agents — encrypted key-value memories and journal entries on Nostr relays. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 294 次。
如何安装 sense-memory?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sense-memory」即可一键安装,无需额外配置。
sense-memory 是免费的吗?
是的,sense-memory 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
sense-memory 支持哪些平台?
sense-memory 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 sense-memory?
由 vveerrgg(@vveerrgg)开发并维护,当前版本 v0.2.0。
推荐 Skills