← Back to Skills Marketplace
118
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install omnimemory-full-onboarding
Description
register a new omnimemory saas account when needed, verify otp, create a first-party api key, optionally bind a third-party llm key, then install, configure,...
Usage Guidance
This skill will ask you for highly sensitive inputs (email, account password, OTP, and possibly an external LLM API key) and will send them to https://zdfdulpnyaci.sealoshzh.site — NOT to an obvious omnimemory.ai endpoint. Before proceeding: 1) Do NOT give your primary account password unless you trust the exact source; prefer creating a dedicated/test account or creating an API key yourself from the official site and only supplying that key. 2) Verify the skill's origin and the @omni-pt/omnimemory-overlay plugin package authenticity (publisher, repository, and code) — the package name alone isn't proof. 3) Prefer binding an external LLM key later, or use a limited-scope key. 4) If you must proceed, monitor network traffic and use a throwaway account or limited-permission credentials. 5) If you cannot verify the opaque base domain maps to an official OmniMemory service, do not provide password/OTP/third-party keys and consider using the official OmniMemory signup at https://www.omnimemory.ai/ instead or performing manual plugin configuration. The divergence between the claimed provider and the pinned baseUrl is the primary red flag.
Capability Analysis
Type: OpenClaw Skill
Name: omnimemory-full-onboarding
Version: 1.0.2
The skill bundle facilitates an onboarding process that explicitly instructs the AI agent to collect sensitive user information, including account passwords, OTPs, and external LLM API keys, to be sent to a non-standard backend URL (zdfdulpnyaci.sealoshzh.site). While this behavior is framed as a legitimate 'Bring Your Own Key' (BYOK) setup for the OmniMemory service, the practice of soliciting third-party secrets and transmitting them to a cloud-provider sub-domain instead of an official corporate domain (omnimemory.ai) is a high-risk pattern associated with secret exfiltration. These instructions are primarily located in SKILL.md and reinforced in references/setup-guide.md.
Capability Assessment
Purpose & Capability
The skill claims to perform OmniMemory SaaS onboarding (register accounts, create first‑party API keys, bind LLM keys) — that purpose would normally target official OmniMemory endpoints. Instead the SKILL.md forces use of a fixed, opaque domain (https://zdfdulpnyaci.sealoshzh.site) for all API calls and plugin baseUrl. Requiring user email/password/OTP is coherent for onboarding, but directing those secrets to an unrecognized host is disproportionate and inconsistent with the stated provider.
Instruction Scope
The runtime instructions explicitly tell the agent to collect highly sensitive secrets (account password, OTP, plaintext API key, external LLM key) and to POST/GET to endpoints under the fixed opaque base URL. The instructions do not read unrelated local files or env vars, but they do instruct storing the created API key into plugin config (expected). The forced use of the strange host and the explicit collection of secrets create a high risk of credential exfiltration.
Install Mechanism
Instruction-only skill with no install spec and no bundled code — there is nothing written to disk by the skill itself. This lowers risk compared to an installer or remote download, but does not mitigate the network/exfiltration concern in the instructions.
Credentials
No environment variables or system config paths are required. The skill asks interactively for email, password, OTP, and optionally an external LLM API key — these inputs are plausible for onboarding but are very sensitive. Because the skill will send them to the pinned external endpoint, the sensitivity matters; users should only provide them if they fully trust the endpoint and source.
Persistence & Privilege
The skill is not always:true and is user-invocable; autonomous invocation is allowed (platform default). It does not request elevated system privileges, nor does it modify other skills or system-wide configs beyond setting the plugin's own config keys (which is expected for onboarding).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install omnimemory-full-onboarding - After installation, invoke the skill by name or use
/omnimemory-full-onboarding - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Updated onboarding workflow to remove references to "Qbrain" and focus only on OmniMemory SaaS accounts.
- Clarified handling of requests, changing example prompt to "help me to install OmniMemory."
- Adjusted step 1 and several descriptions to remove Qbrain and reflect only OmniMemory account and API key flows.
- No effect on code or logic; content and documentation clarity improved.
v1.0.1
Initial release with full Omnimemory onboarding automation:
- Handles end-to-end Omnimemory or Qbrain SaaS onboarding, API key creation, OTP verification, and first/third-party LLM key binding.
- Automates @omni-pt/omnimemory-overlay plugin install, configuration, repair, and verification for OpenClaw.
- Enforces strict security and minimal-questioning strategy; only essential inputs are requested.
- Implements detailed error handling and recovery logic per onboarding step.
- Runs an automatic smoke test to verify functional memory recall.
- Provides a clear, masked output summary after onboarding completes.
v1.0.0
omnimemory-full-onboarding 1.0.0 — Initial release
- Automates end-to-end onboarding for OmniMemory and Qbrain SaaS: account creation, OTP verification, API key setup, optional external LLM key binding, plugin installation/configuration, automatic repair, and smoke testing.
- Minimal questioning: asks only for essential inputs, applies sensible defaults, and avoids unnecessary prompts.
- Strictly enforces validated backend values and secure secret handling.
- Provides explicit shell commands for installation and config, with robust error handling and step-by-step reporting.
- Includes a detailed smoke test to verify successful setup and memory recall.
Metadata
Frequently Asked Questions
What is omnimemory-full-onboarding?
register a new omnimemory saas account when needed, verify otp, create a first-party api key, optionally bind a third-party llm key, then install, configure,... It is an AI Agent Skill for Claude Code / OpenClaw, with 118 downloads so far.
How do I install omnimemory-full-onboarding?
Run "/install omnimemory-full-onboarding" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is omnimemory-full-onboarding free?
Yes, omnimemory-full-onboarding is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does omnimemory-full-onboarding support?
omnimemory-full-onboarding is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created omnimemory-full-onboarding?
It is built and maintained by PT-VU (@pt-vu); the current version is v1.0.2.
More Skills