Synapse Layer

Provides persistent, encrypted AI agent memory with a 4-layer security pipeline for storing, retrieving, sharing, and analyzing agent memories.

Key issues to consider before installing: - Credentials mismatch: the package requires an API key (examples and test script), but the registry declares none. Do not provide an API key until the skill's expected secret name and storage method are confirmed. - False security claims: the docs promise client-side encryption and AES/PBKDF2 processing, but the included SynapseClient sends plaintext JSON to the remote endpoint with only an Authorization header. Ask the publisher to show where client-side encryption is performed (code, libs, or steps). If client-side encryption is not performed, the 'zero-knowledge' claim is inaccurate and you should not send sensitive PII or secrets to this service. - Secret handling: the test script prints part of the API key to stdout and the docs recommend putting the API key in gateway config. That can leak keys into logs/backups. If you must test, use a non-production key, rotate it after testing, and avoid running tests on production systems. - Audit network endpoint: the client talks to https://forge.synapselayer.org/mcp. Verify ownership/trustworthiness of that host before sending production data. Prefer deploying the code in an isolated environment first and monitor outgoing requests. - Clarify the pip package: SKILL.md suggests 'pip install synapse-layer' but the skill bundle provides scripts only. Confirm whether there is an official package and whether the shipped code matches it. Recommended next steps: ask the publisher for (1) proof/source of client-side encryption (or a build that performs it), (2) the exact environment variable/credential names the skill requires, (3) retention/processing policy for data sent to forge.synapselayer.org, and (4) updated code that avoids printing secrets. Until these are provided, treat the skill as untrusted for sensitive data and prefer local or audited alternatives.

Type: OpenClaw Skill Name: synapse-layer Version: 1.0.0 The synapse-layer skill bundle provides a legitimate integration for a persistent memory service. The Python client (scripts/synapse_client.py) and test script (scripts/synapse_test.py) are well-structured and strictly perform API calls to the documented endpoint (forge.synapselayer.org) to store and retrieve agent memories. There is no evidence of malicious intent, data exfiltration of local sensitive files, or harmful prompt injection in the documentation or instructions.