ClawHub

Agent Soul Sync

v0.3.0

Sync local OpenClaw skills to a remote NanoClaw agent on Mysta. Use when the user says "sync my skills", "upload skills to mysta", "push skills to my nanocla...

0· 107·0 current·0 all-time
by@hongyegong
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description say it will sync local OpenClaw skills to a Mysta NanoClaw agent; the runtime instructions require curl, jq, and a Mysta API key and explicitly read local SKILL.md files from expected OpenClaw skill paths—these requirements are appropriate for that goal. Note: default endpoints point to staging (app.staging.mysta.tech / api.staging.mysta.tech); confirm you intend to use staging vs production.
Instruction Scope
Instructions only read SKILL.md files from the two documented locations, initialize an MCP session, and POST skill contents to the Mysta MCP endpoint—this matches the described sync workflow. Warning: SKILL.md files may contain secrets or private code; the instructions will upload full file contents to the remote agent. The workflow prompts selection of which skills to upload, but you should explicitly review selections before proceeding.
Install Mechanism
Instruction-only skill with no install steps and no code files—no downloads or archive extraction. This is low risk from an install/execution point of view.
Credentials
The only required secret is MYSTA_API_KEY, which is proportional to an API-based sync operation. Ensure the API key is obtained from the official Mysta site and scoped/minimized; the SKILL.md also supports overriding MCP_URL (MYSTA_MCP_URL), so verify that endpoint before use.
Persistence & Privilege
Skill is not always-enabled, is user-invocable, and does not request persistent system changes or modify other skills' configurations. It asks for read/exec actions in metadata (to read files and run shell commands), which align with its declared behavior.
Assessment
This skill is coherent for uploading your local OpenClaw SKILL.md files to a Mysta agent, but take these precautions before using it: 1) Verify the endpoint—the SKILL.md defaults to staging (app.staging.mysta.tech); switch to your production MCP_URL only if you trust the destination. 2) Inspect the SKILL.md files you plan to upload—do not upload files that contain secrets, API keys, or private data. 3) Create a Mysta API key with the least privileges required and set it only in a session or a secure place (export MYSTA_API_KEY=mysta_...), and consider rotating/revoking the key after use. 4) Confirm the selection step each run (choose specific skills rather than 'all' when possible). If you need stronger assurance, ask the skill/provider for an official production endpoint and privacy/security documentation before uploading.

Like a lobster shell, security has layers — review code before you run it.

latestvk978199kjmpnh40qdb5dr1009s83nv9h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

☁️ Clawdis

Comments