← 返回 Skills 市场
640
总下载
0
收藏
0
当前安装
11
版本数
在 OpenClaw 中安装
/install x1-vault-memory
功能描述
Backup and restore OpenClaw agent memory to IPFS with AES-256-GCM encryption and X1 blockchain CID anchoring
安全使用建议
This skill appears to implement the advertised backup/restore pipeline, but review these points before installing:
- Metadata mismatch: the registry summary said no required envs/configs, but SKILL.md and package.json do require PINATA_JWT and x1_vault_cli/wallet.json. Verify the package metadata and that you provide only intended secrets.
- Sensitive secrets: the skill needs a wallet.json (private key) and a Pinata JWT. Use a dedicated, low-value wallet and create a Pinata JWT scoped to pinFileToIPFS only; keep both off version control and rotate/revoke tokens if compromised.
- X1 anchoring: the anchoring code reuses @solana/web3.js and Solana memo program IDs; confirm that the X1 RPC and on-chain memo behavior are compatible in your environment (test on a testnet or a disposable wallet first). If anchoring fails, the backup still stays on IPFS but won't be recorded on-chain.
- Cron/heartbeat: the heartbeat auto-restore is opt-in. Do not enable cron/auto-restore unless you trust the code and want automatic restores that execute local commands.
- Dependency risk: npm install pulls many packages. If you require higher assurance, audit dependencies or run in an isolated container/VM.
If you trust the author and the code after these checks, the skill is coherent with its stated purpose. If anything feels off (unknown source, unexpected metadata), test in an isolated environment or refrain from installing.
功能分析
Type: OpenClaw Skill
Name: x1-vault-memory
Version: 0.1.10
This skill is designed for encrypted, decentralized backup and restore of OpenClaw agent memory. It uses strong cryptographic practices (AES-256-GCM, PBKDF2) and includes critical security mitigations such as `validateCID` for all Content Identifiers (CIDs) before network requests (SSRF prevention) and before executing child processes (`execFileSync` in `heartbeat.js`, preventing shell injection). It also implements SHA-256 checksum verification for data integrity during restore. All external communications (Pinata, X1 RPC) and local file system access are aligned with the stated purpose. Persistence mechanisms (cron jobs) are opt-in and clearly documented. There is no evidence of intentional malicious behavior like unauthorized data exfiltration, backdoors, or stealthy operations. The skill explicitly warns users about handling sensitive `wallet.json` and `PINATA_JWT` credentials securely.
能力评估
Purpose & Capability
The skill's name/description (IPFS + AES-256-GCM + X1 anchoring) aligns with the code: archive workspace files, encrypt with AES-256-GCM (key derived from local wallet.json secretKey), upload to Pinata, and submit a signed transaction to an X1 RPC. However the registry summary at the top of the package info (which lists no required env vars or config paths) contradicts SKILL.md and package.json which explicitly require PINATA_JWT and x1_vault_cli/wallet.json. That metadata mismatch is likely a packaging/registration oversight but should be corrected/verified.
Instruction Scope
Runtime instructions and code act on agent workspace files (IDENTITY.md, SOUL.md, USER.md, TOOLS.md, memory/) and use Pinata and an X1 RPC. Heartbeat auto-restore is opt-in (cron example provided) and the code validates CIDs and checksums. Heartbeat invokes restore via execFileSync('node', ...), which is expected for this tool but means the skill will run local commands if you schedule it—confirm you only enable cron if you trust the code.
Install Mechanism
No remote 'curl|sh' or arbitrary URL downloads; dependencies are normal npm packages declared in package.json and lockfile. The install is npm install (node modules from public registries). That is standard but remember npm packages have their own supply-chain risk—review dependencies if you require high assurance.
Credentials
The only required secret is PINATA_JWT (Pinata pinFileToIPFS) and a local wallet keypair file (x1_vault_cli/wallet.json). Both are sensitive but justified by the functionality: Pinata auth for uploads and the private key for encryption/signing. Ensure the Pinata key is scoped/minimal and the wallet is a dedicated wallet (the project advises this).
Persistence & Privilege
Skill does not request always:true and does not modify other skills or system-wide settings. It requires a local wallet file and environment variable but does not attempt to persist itself beyond normal files in the workspace.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install x1-vault-memory - 安装完成后,直接呼叫该 Skill 的名称或使用
/x1-vault-memory触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.10
**Security-focused update with documentation changes for safer usage and improved clarity:**
- Raised prominent SECURITY WARNING: do not use a primary wallet—always use a dedicated wallet with minimal XNT for backups.
- Replaced scattered requirements sections with a clearly labeled "Required Configuration" table.
- Added repeated security warnings at key sections (setup, requirements).
- No code changes included; updates are documentation and metadata.
- Package version increased from 0.1.10 to 0.2.0.
v0.1.9
x1-vault-memory v1.1.2
- Security: Removed "curl | sh" Solana CLI installer suggestion; now recommends wallet creation via Node.js (`@solana/web3.js`)
- Environment variable requirements clarified in both SKILL.md and package.json; `PINATA_JWT` is now mandatory, `X1_RPC_URL` optional with a default
- Documentation improvements: Clear setup steps, no Solana CLI dependency, and opt-in note for heartbeat auto-restore via cron
- Minor corrections to requirements and file structure in metadata
v0.1.8
x1-vault-memory v0.1.8
- Documentation updates: README.md, SKILL.md, and other docs clarified and revised.
- Internal code improvements in src/anchor.js, src/backup.js, and src/restore.js (details not specified).
- No changes to skill requirements, configuration, or usage flow.
- Version number remains 1.1.1 in documentation; code version is 0.1.8.
v0.1.7
- Version bump from 1.1.0 to 1.1.1.
- Documentation update: added a prominent security note advising users to verify the Solana CLI installer URL for enhanced safety.
- No functional changes to the skill's code or features.
v0.1.6
- Internal changes in src/backup.js with no visible impact on documentation or user-facing features.
- No public-facing changes; usage and setup remain the same.
v0.1.5
x1-vault-memory v0.1.5
- Updated the SKILL.md documentation to include a structured requirements table and configuration details.
- Specified x1_vault_cli/wallet.json as a required config file in metadata and requirements.
- No changes to functionality or source code; this update is documentation-only.
v0.1.4
x1-vault-memory v0.1.4
- Updated documentation in README.md (no feature or usage changes).
- No user-facing functional changes; core functionality and API remain the same.
v0.1.3
x1-vault-memory 0.1.3 Changelog
- Documentation updates in SKILL.md and README.md.
- Clarified required Pinata API token permissions (now recommends pinFileToIPFS only, not Admin).
- Updated wallet keypair creation instructions to new path ("x1_vault_cli/wallet.json").
- Added installation note/link for the official Solana CLI.
- Improved wording and formatting for setup instructions.
v0.1.2
- Switched encryption from NaCl to AES-256-GCM for backups.
- Now explicitly requires X1_RPC_URL as an environment variable.
- Documentation updated to reflect new encryption method and required environment variables.
v0.1.1
Initial release.
- Provides backup and restore for OpenClaw agent memory with NaCl encryption and X1 blockchain anchoring
- Encrypts agent data, uploads to IPFS via Pinata, and anchors CIDs on X1 blockchain
- Includes scripts for backup, restore, and backup listing
- Features automated heartbeat/restoration and selective restore by file/directory
- Supports checksum verification for data integrity and local logging of all backup events
v0.1.0
x1-vault-memory v1.1.0 introduces major enhancements for secure, decentralized agent memory backup:
- Added SHA-256 integrity verification for both backup and restore processes.
- New selective restore feature via --only flag to recover specific files or directories.
- Introduced list command to view all backups with versioned rollback support.
- Added heartbeat self-healing hook for automated restore if failure detected.
元数据
常见问题
X1 Vault Memory 是什么?
Backup and restore OpenClaw agent memory to IPFS with AES-256-GCM encryption and X1 blockchain CID anchoring. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 640 次。
如何安装 X1 Vault Memory?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install x1-vault-memory」即可一键安装,无需额外配置。
X1 Vault Memory 是免费的吗?
是的,X1 Vault Memory 完全免费(开源免费),可自由下载、安装和使用。
X1 Vault Memory 支持哪些平台?
X1 Vault Memory 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 X1 Vault Memory?
由 Lokoweb3(@lokoweb3)开发并维护,当前版本 v0.1.10。
推荐 Skills