X1 Vault Memory
Review
Audited by ClawScan on May 1, 2026.
Overview
The skill’s code matches its advertised encrypted memory backup/restore purpose, but it handles private agent memory, a Pinata token, and a dedicated wallet key, so users should review those data flows before installing.
This appears purpose-aligned rather than malicious. Before installing, make sure you are comfortable backing up agent memory to IPFS, use a dedicated low-balance wallet, restrict the Pinata token, and restore only trusted CIDs.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A compromised or over-funded wallet or exposed Pinata token could affect the user’s storage account or wallet funds used for transaction fees.
The skill requires an API token and a wallet keypair. This is expected for Pinata uploads and X1 transaction signing, but it is credential-bearing access that users should explicitly understand.
| `PINATA_JWT` | ✅ Yes | Set in container `.env` - Your Pinata API token for IPFS uploads |
...
| `x1_vault_cli/wallet.json` | ✅ Yes | Dedicated wallet only, NOT your main wallet |
Use the documented dedicated low-balance wallet, grant the Pinata key only pinFileToIPFS permission, and keep both PINATA_JWT and wallet.json out of chat logs, repos, and shared workspaces.
Private agent memory and user preferences may be retained outside the local workspace for a long time, and the CID reference is designed to be durable.
The skill externalizes persistent agent identity, profile, tools notes, and memory content to decentralized storage, with an on-chain CID reference. The data is encrypted, but it remains sensitive persistent context.
Compresses agent files (IDENTITY.md, SOUL.md, USER.md, TOOLS.md, memory/) ... Pushes the encrypted blob to IPFS via Pinata's API ... Stores the IPFS CID on the X1 blockchain
Do not store secrets in the backed-up memory files, keep the wallet key secure, and understand that IPFS/on-chain references are not like ordinary deletable local files.
Restoring the wrong CID or an outdated backup could change the agent’s identity, instructions, preferences, or memory across future sessions.
Restore intentionally extracts backup contents into the workspace, which can overwrite persistent agent identity and memory files. This is expected for a restore tool, but it is high-impact file mutation.
await tar.x({ file: archivePath, cwd });
console.log('Backup restored to workspace');
Restore only trusted CIDs, prefer `--only` for selective recovery when possible, and keep a local copy of current memory files before full restore.
If scheduled, the skill may automatically restore older memory when it decides SOUL.md or memory/ is missing or too small.
The heartbeat script can perform autonomous restore behavior if the user opts into cron scheduling. The artifacts disclose that it is not enabled by default.
Heartbeat auto-restore must be explicitly scheduled via cron. It is NOT automatic.
Enable heartbeat cron only if automatic restoration is desired, and monitor its log output so unexpected restores are noticed.
Users may not realize from registry metadata alone that npm dependencies must be installed and reviewed.
Installation relies on manually cloning a repository and installing npm dependencies, while registry metadata lists no install spec. The included package files are visible and purpose-aligned, but the install path is under-declared at the registry level.
git clone https://github.com/Lokoweb3/x1-vault-memory.git
cd x1-vault-memory
npm install
Install from the intended repository, review package.json/package-lock.json, and avoid running unreviewed modified copies.
