← 返回 Skills 市场
1731
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install unibase-membase
功能描述
Manage agent memory with Membase - a decentralized, encrypted memory backup and restore system. Provides backup, restore, list, diff, status, and cleanup operations for agent memories.
安全使用建议
Do not install or run this skill yet. Before proceeding, ask the publisher for the missing library files (lib/backup-manager.js, lib/membase-client.js, lib/encryption.js) or a clear build/install step. Confirm why the registry metadata lists no required environment variables while the code expects MEMBASE_ACCOUNT, MEMBASE_SECRET_KEY and MEMBASE_BACKUP_PASSWORD. Avoid letting the agent echo or log secrets (the SKILL.md example prints env values). Verify the source of the skill (homepage/source unknown), confirm how TypeScript files are intended to be executed (they currently import .js but are provided as .ts), and review the Membase endpoint and client implementation for any unexpected external endpoints or exfiltration before supplying credentials. If you must test, do so in an isolated sandbox with throwaway credentials and no sensitive workspace data.
功能分析
Type: OpenClaw Skill
Name: unibase-membase
Version: 1.0.0
This skill is classified as suspicious due to its inherent handling of highly sensitive data and interaction with an external service. It requires and processes sensitive environment variables (MEMBASE_ACCOUNT, MEMBASE_SECRET_KEY, MEMBASE_BACKUP_PASSWORD) from the agent's environment and ~/.openclaw/openclaw.json, which are then used to connect to an external endpoint (https://testnet.hub.membase.io) for memory backup and restore. The SKILL.md instructs the agent to `echo` these sensitive environment variables, which could expose them. Furthermore, the skill declares `bash` as an allowed tool, granting broad shell access, even if its current usage is limited to `node` commands. While these actions are aligned with the stated purpose of memory management and there is no clear evidence of intentional malicious behavior, the high-risk capabilities and sensitive data handling warrant a suspicious classification.
能力评估
Purpose & Capability
The README/code expect MEMBASE_ACCOUNT, MEMBASE_SECRET_KEY and MEMBASE_BACKUP_PASSWORD and also read ~/.openclaw/openclaw.json to get config, but the registry metadata declared no required environment variables or config paths. Requiring account/secret keys and reading the agent's config is consistent with a backup service, but the manifest omission is an incoherence that could hide credential needs.
Instruction Scope
SKILL.md instructs the agent to check and echo secret env vars (e.g., echo $MEMBASE_BACKUP_PASSWORD) and to cd into skills/membase and run node membase.ts. Echoing secrets risks leaking them into logs; asking the agent to read home config (~/.openclaw/openclaw.json) and workspace is within backup scope but broader than the declared skill surface. The instructions are prescriptive about local file access and revealing env values, which is risky and was not reflected in the declared requirements.
Install Mechanism
There is no install spec (instruction-only), but the package includes TypeScript source files. membase.ts imports './commands/backup.js' and other .js modules while the manifest files are .ts. Also the commands import ../lib/*.js (backup-manager, membase-client, encryption) but those lib files are not present in the file manifest. This means the code cannot run as-is and would require fetching or generating additional code or a build step—an ambiguity/risk.
Credentials
The environment variables the skill uses (account, secret key, backup password) are reasonable for a backup tool, but the skill metadata declared none. The SKILL.md explicitly tells the agent to echo these env vars (potentially exposing secrets) and the code will read openclaw.json from the user's home directory. The combination of missing declared requirements and instructions that reveal secrets is disproportionate or at least poorly documented.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It will read user-level config (~/.openclaw/openclaw.json) and the workspace directory to find memory files — behavior that makes sense for a memory backup skill but is somewhat privileged because it accesses potentially sensitive local agent config and files. This is expected functionality but worth noting.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install unibase-membase - 安装完成后,直接呼叫该 Skill 的名称或使用
/unibase-membase触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
The first official Unibase Membase skill: decentralized persistent memory, purpose-built for OpenClaw Bot.
元数据
常见问题
The first official Unibase Membase skill: decentralized persistent memory, purpose-built for OpenClaw Bot. 是什么?
Manage agent memory with Membase - a decentralized, encrypted memory backup and restore system. Provides backup, restore, list, diff, status, and cleanup operations for agent memories. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1731 次。
如何安装 The first official Unibase Membase skill: decentralized persistent memory, purpose-built for OpenClaw Bot.?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install unibase-membase」即可一键安装,无需额外配置。
The first official Unibase Membase skill: decentralized persistent memory, purpose-built for OpenClaw Bot. 是免费的吗?
是的,The first official Unibase Membase skill: decentralized persistent memory, purpose-built for OpenClaw Bot. 完全免费(开源免费),可自由下载、安装和使用。
The first official Unibase Membase skill: decentralized persistent memory, purpose-built for OpenClaw Bot. 支持哪些平台?
The first official Unibase Membase skill: decentralized persistent memory, purpose-built for OpenClaw Bot. 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 The first official Unibase Membase skill: decentralized persistent memory, purpose-built for OpenClaw Bot.?
由 ibitnoah(@ibitnoah)开发并维护,当前版本 v1.0.0。
推荐 Skills