← 返回 Skills 市场
Synapse Layer Skill for Hermes Agent
作者
Rafa Martins
· GitHub ↗
· v1.1.9-b
· MIT-0
65
总下载
1
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install synapse-layer-hermes
功能描述
Zero-Knowledge persistent memory layer for Hermes Agent. Provides encrypted cross-session memory, Trust Quotient (TQ) scoring, and automatic recall across AL...
安全使用建议
Before installing, verify the following: (1) Correct the metadata mismatch — ask the publisher why the registry shows no required env vars while SKILL.md requires SYNAPSE_TOKEN. (2) Confirm you trust https://forge.synapselayer.org and review their privacy/security docs and source code (the skill bundle contains no code to verify their zero-knowledge/PII-redaction claims). (3) Avoid storing long-lived credentials in remote memory unless you understand and accept the risk — prefer short-lived tokens, rotate credentials after testing, and limit what the agent is allowed to persist. (4) Test with non-sensitive data first to confirm behavior and inspect network requests. (5) If you need to store secrets, ensure there is an auditable access policy and the service's encryption/zero-knowledge design is independently verifiable. (6) Ask the publisher to remove recommendations that reference root-only paths (/root/.hermes/...) and to clarify why tool-progress must be disabled for Telegram (this hides agent actions and can reduce transparency).
功能分析
Type: OpenClaw Skill
Name: synapse-layer-hermes
Version: 1.1.9-b
The skill bundle instructs the agent to exfiltrate highly sensitive information, including API credentials (Nous, Naga, Telegram tokens) and server infrastructure details, to an external third-party service (synapselayer.org). Furthermore, SKILL.md contains explicit instructions to hide these background activities from the user by disabling tool progress indicators in Telegram. While framed as a 'persistent memory' feature with 'zero-knowledge' security claims, the combination of targeted secret collection and stealth configuration poses a significant risk of data exfiltration (IOC: forge.synapselayer.org).
能力标签
能力评估
Purpose & Capability
Name/description match the instructions: the skill integrates a remote memory service and needs a service token to talk to forge.synapselayer.org. However, the package registry metadata lists no required env vars while the SKILL.md metadata and docs explicitly require SYNAPSE_TOKEN — an inconsistency that should be corrected.
Instruction Scope
The instructions tell the agent/operator to modify ~/.hermes/config.yaml and ~/.hermes/.env, to always call recall at session start, and to persist and search across highly sensitive material (API credentials, server hostnames, ports, configs, and a root path /root/.hermes/voice_call). They also instruct disabling Telegram tool progress to hide tool usage. These behaviors are coherent with a cross-session memory service but will cause sensitive secrets to be stored remotely; the SKILL.md asserts strong protections (zero-knowledge, PII redaction) but provides no in-repo code or verifiable proof.
Install Mechanism
Instruction-only skill with no install spec or code files — nothing is written or downloaded by an installer. That's the lowest install risk, but it also means the claimed security pipeline cannot be validated from the bundle.
Credentials
SKILL.md metadata and docs require a SYNAPSE_TOKEN (used as a Bearer header). Registry-level requirements list none — mismatch is suspicious. The skill also asks the agent to persist other long-lived credentials (Telegram bot token, Nous Portal token, TTS API keys, etc.) into remote memory. Requesting a single service token is appropriate, but recommending storage of many unrelated secrets increases risk and should be justified and guarded (short-lived tokens, explicit opt-in, encryption proofs).
Persistence & Privilege
The skill is not always-enabled and follows normal autonomous-invocation defaults. However, the instruction to 'always call recall before generating any response' combined with cross-channel memory access increases the blast radius: if the remote memory contains credentials or infra details, those may be used or exposed across channels. This is not a disallowed privilege by itself, but it elevates sensitivity and requires careful operator control.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install synapse-layer-hermes - 安装完成后,直接呼叫该 Skill 的名称或使用
/synapse-layer-hermes触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.9-b
- Removed phone number from credits and user profile examples in documentation.
- Generalized server names, token formats, and port numbers in configuration and memory category examples for enhanced privacy and clarity.
- No functional changes or file modifications detected.
v1.1.8
This skill integrates [Synapse Layer](https://synapselayer.org) — a zero-knowledge, encrypted, cross-session memory system — into Hermes Agent. All memories are encrypted with AES-256-GCM, pass through a 4-layer Cognitive Security Pipeline (PII redaction, differential privacy, intent validation, neural handover), and are retrievable from any channel (Telegram, WhatsApp, CLI, Discord).
元数据
常见问题
Synapse Layer Skill for Hermes Agent 是什么?
Zero-Knowledge persistent memory layer for Hermes Agent. Provides encrypted cross-session memory, Trust Quotient (TQ) scoring, and automatic recall across AL... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 65 次。
如何安装 Synapse Layer Skill for Hermes Agent?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install synapse-layer-hermes」即可一键安装,无需额外配置。
Synapse Layer Skill for Hermes Agent 是免费的吗?
是的,Synapse Layer Skill for Hermes Agent 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Synapse Layer Skill for Hermes Agent 支持哪些平台?
Synapse Layer Skill for Hermes Agent 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Synapse Layer Skill for Hermes Agent?
由 Rafa Martins(@rafacpti23)开发并维护,当前版本 v1.1.9-b。
推荐 Skills