← 返回 Skills 市场
84
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install session-sync-cloud
功能描述
Automatic cloud backup and sync for OpenClaw memory files. Encrypted upload to S3/Backblaze, versioned retention (30 days), cross-device restore. Includes we...
安全使用建议
Do not assume your backups will be end-to-end encrypted — the documentation promises AES-256 client-side encryption but the included Python script does not implement any encryption or use an encryption key. Before installing or pointing this skill at real data:
- Ask the author to provide the complete, untruncated source and an explicit implementation of client-side encryption (or remove the encryption claims). Verify the code actually encrypts data before any network call.
- Avoid putting real credentials or sensitive data in session-sync-config.json in plaintext until you trust the implementation. Use a bucket and access key with minimal permissions (e.g., a dedicated key limited to PutObject/DeleteObject/ListObjects on a single bucket/prefix).
- Test with non-sensitive dummy data first to confirm behavior (uploads, pruning, restore).
- Confirm how dashboard restore is intended to work (the HTML references an HTTP endpoint that the script does not provide).
- If you need true E2E encryption, insist on peer-reviewed crypto code or use a vetted client-side encryption library (e.g., AWS S3 client-side encryption SDKs) and do not rely on deriving keys from credentials.
Given the mismatch between claims and code, treat this skill as suspicious and avoid pointing it at any sensitive workspace until the author fixes and documents the missing encryption and provides the complete working code.
功能分析
Type: OpenClaw Skill
Name: session-sync-cloud
Version: 1.0.0
The skill documentation (SKILL.md) explicitly claims to provide AES-256 encryption for cloud backups so that the 'server never sees plaintext,' but the implementation in scripts/run.py lacks any encryption logic, uploading memory files in plaintext. This critical discrepancy between the security claims and the actual code behavior creates a false sense of security. Additionally, the generated memory/sync-dashboard.html includes a script that attempts to trigger restores via a local web endpoint (/restore) not implemented in the provided code, which is unusual for a standalone skill.
能力评估
Purpose & Capability
The skill claims to provide encrypted, versioned backups to S3-compatible storage and to scan the workspace memory/ directory — the code does scan memory/ and uploads files to a user-provided S3 bucket via boto3, which is coherent with the stated purpose. However, the SKILL.md repeatedly claims AES-256 client-side encryption and key-derivation behavior that is not present in the provided run.py; that is a material mismatch between claimed capability and implementation.
Instruction Scope
SKILL.md instructs creating a plaintext session-sync-config.json with access key and secret and (optionally) an encryption key. The code uses that config to read credentials and upload all files under memory/ (no excludes) — sensible for backup but will include any secrets in memory/. Critically, SKILL.md promises end-to-end AES-256 encryption before upload and deriving keys from credentials if unset; the provided run.py does not perform any encryption or use an encryption key. The dashboard HTML references an HTTP restore endpoint ('/restore') that is not implemented in the code. The code will therefore upload plaintext to the configured bucket despite the documentation claiming ciphertext-only storage.
Install Mechanism
No install spec (instruction-only) and a small python script; low install-surface. The script requires boto3 (it checks and errors if missing) and suggests pip installing it. No downloads from arbitrary URLs or archive extraction are present.
Credentials
No environment variables are requested; the skill uses a workspace config file that must contain the cloud access key and secret. Requesting cloud credentials in that config is proportional to performing S3 uploads. However, storing credentials in a plaintext file in the workspace is a sensitive design choice (risk of accidental leakage). The SKILL.md's claim that an encryption key can be derived from credentials is insecure and—critically—not implemented in the code.
Persistence & Privilege
The skill is not force-enabled (always: false) and is user-invocable. It does not request persistent, platform-wide privileges in the metadata. It writes artifacts to the workspace (logs, dashboard) which is expected for a backup tool.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install session-sync-cloud - 安装完成后,直接呼叫该 Skill 的名称或使用
/session-sync-cloud触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release — automatic encrypted cloud backup and sync for memory files (S3/B2 compatible)
元数据
常见问题
Session Sync Cloud 是什么?
Automatic cloud backup and sync for OpenClaw memory files. Encrypted upload to S3/Backblaze, versioned retention (30 days), cross-device restore. Includes we... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 84 次。
如何安装 Session Sync Cloud?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install session-sync-cloud」即可一键安装,无需额外配置。
Session Sync Cloud 是免费的吗?
是的,Session Sync Cloud 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Session Sync Cloud 支持哪些平台?
Session Sync Cloud 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Session Sync Cloud?
由 NeroAgent(@neroagent)开发并维护,当前版本 v1.0.0。
推荐 Skills