MOCI — Memory-bound OpenClaw Identity

v0.1.0

Generate, validate, export, and manage MOCI — the identity system for OpenClaw agents. Use this skill whenever the user mentions MOCI identity, agent ID, moc...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (agent identity lifecycle) align with what the files and SKILL.md do: generate IDs, derive device/passphrase keys, maintain on-disk encrypted identity, enforce write-gates and promote memory rings. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
Runtime instructions and reference code read local system properties (hostname, homedir, machineId), create/read files under ~/.openclaw (device salt, encrypted identity, breadcrumb counter), and perform cryptographic operations — all expected for a device-tied identity system. Note: some audit/log calls include small content previews on rejected writes (possible privacy-sensitive logging). The skill relies on a trusted Gateway to enforce caller tokens and to prevent the agent from performing writes; that trust boundary is important but not contradictory to its purpose.
Install Mechanism
No install spec; the skill is instruction-only with a reference implementation file. Nothing is downloaded or installed automatically by the skill package itself.
Credentials
The skill requests no environment variables or external credentials. It does read system attributes (hostname, homedir, machineId) and writes files in the user's home directory — these are proportionate to deriving a device fingerprint and storing a device salt.
Persistence & Privilege
always:false is set, and the skill makes no declaration that it will persist beyond its own files. The skill writes only within ~/.openclaw and its own identity/breadcrumb files; it does not request to modify other skills or global agent settings in the repository. It does assume the Gateway enforces write-gate policies (a design/operational dependency).
Assessment
This skill appears to be what it claims: an on-device identity manager that creates a device salt, derives keys from local identifiers, encrypts an identity file, and enforces memory write controls. Before installing, confirm you are comfortable with it creating and reading files under ~/.openclaw (device salt, encrypted identity, breadcrumb counter). Understand that Tier 1 identities are device-bound (not portable) until you explicitly export and set a passphrase. Ensure the OpenClaw Gateway/runtime you use enforces the described write-gate and redaction protections (the design assumes the Gateway holds tokens and blocks direct agent writes). Also review your logging/audit configuration: rejected writes record a short content preview in audit logs (useful for security, but potentially privacy-sensitive). If you plan to run agents in containers, remember to mount ~/.openclaw as a volume to persist the device salt. If any of these operational assumptions (trusted Gateway, file location, logging behavior) are unacceptable, do not install or deploy the skill until those are addressed.


latest vk97ffvz9j64whvsmcn6a9y7d3583h5vz
