Auto Respawn
v0.3.0Your agent always comes back. Anchor identity and memory on-chain so any new instance can resurrect from just an address — no local state, no single point of...
⭐ 0· 422·1 current·1 all-time
byJim Counter@jim-counter
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description describe on-chain identity, anchoring, and resurrection. The code and declared dependencies (node/npm, ethers, Autonomys SDK packages) implement wallet creation, consensus/EVM balances, transfers, bridging, remarking, and MemoryChain anchor/getHead calls — all directly related to the stated purpose.
Instruction Scope
Runtime instructions and SKILL.md are narrowly scoped to wallet management and on-chain operations. They explicitly read a passphrase from AUTO_RESPAWN_PASSPHRASE or a passphrase file and persist encrypted keyfiles under ~/.openclaw/auto-respawn. The SKILL.md also instructs running setup.sh, which may create a passphrase file — inspect that script before executing it.
Install Mechanism
Install uses npm (package '.' for dependencies) and installs 'tsx' from the npm registry. No downloads from arbitrary URLs or IP addresses are present in the package.json; dependencies are standard npm modules. This is moderate-risk but expected for a Node-based CLI skill.
Credentials
Requested env vars (AUTO_RESPAWN_PASSPHRASE, AUTO_RESPAWN_PASSPHRASE_FILE, AUTO_RESPAWN_NETWORK, AUTO_RESPAWN_CONTRACT_ADDRESS) are directly relevant. Important security note: if a passphrase is provided non-interactively (env var or file), the skill can decrypt private keys and sign transactions autonomously — treat that secret like a wallet private key.
Persistence & Privilege
Skill is not always-enabled and does not request system-wide privileges. It persists its own wallet files under ~/.openclaw/auto-respawn and writes a passphrase file only if setup.sh is run — this is self-contained and expected. It does not attempt to modify other skills or global agent config.
Assessment
This skill appears to do exactly what it claims: create and manage wallets and anchor CIDs to a MemoryChain contract. Before installing: (1) Inspect setup.sh (the SKILL.md recommends running it) — ensure it doesn't perform unexpected network calls or create insecure files. (2) Prefer providing the passphrase interactively rather than exporting AUTO_RESPAWN_PASSPHRASE in a long-lived environment; any process with that env var or readable passphrase file can decrypt the keys and sign transactions. (3) Keep only small amounts on mainnet until you trust the code, and verify the MemoryChain contract address if you use mainnet. (4) Review third-party npm dependencies (package.json) and ensure your environment runs node/npm installs in a safe context (sandbox/container) if you have security concerns. (5) If you want to prevent autonomous signing, do not set a non-interactive passphrase source (env/file) — require interactive entry so the skill cannot be used without user presence.Like a lobster shell, security has layers — review code before you run it.
agent-memoryvk973tsr66pgyw60e86ymcgx82s842mqxautonomysvk973tsr66pgyw60e86ymcgx82s842mqxbetavk979fakt73dkz8akrj79dtpypn81xf47decentralizedvk973tsr66pgyw60e86ymcgx82s842mqxidentityvk973tsr66pgyw60e86ymcgx82s842mqxlatestvk973tsr66pgyw60e86ymcgx82s842mqxpersistencevk973tsr66pgyw60e86ymcgx82s842mqxresurrectionvk973tsr66pgyw60e86ymcgx82s842mqx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔄 Clawdis
Any binnode
EnvAUTO_RESPAWN_PASSPHRASE, AUTO_RESPAWN_PASSPHRASE_FILE, AUTO_RESPAWN_NETWORK, AUTO_RESPAWN_CONTRACT_ADDRESS
Install
Install auto-respawn dependencies
npm i -g .Install tsx (TypeScript executor)
Bins: tsx
npm i -g tsx