Storage Private — Encrypted Multi-Node Agent Storage
Warn
Audited by ClawScan on May 10, 2026.
Overview
This encrypted storage skill is broadly coherent, but it asks for an ETH private key and can replicate encrypted data plus clear metadata to auto-discovered HTTP storage nodes.
Review this skill before installing. Use only a dedicated empty wallet key, avoid sensitive object names, inspect the remote nodes in `config.json`, and do not run discovery or replication unless you trust the FilStream index and storage nodes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a real or funded wallet key is used, the same secret that controls blockchain assets is exposed to this skill's code path.
The skill asks the runtime to access an ETH private key, which can be a high-impact account credential, for storage encryption. This is not declared in the registry metadata as a primary credential or required environment variable.
**KEK source:** Your ETH private key (set `STORAGE_PRIVATE_KEY` env var or use `~/.openclaw/workspace/.secrets/eth-wallet.env`)
Do not use a funded wallet. If you use the skill, use a dedicated empty key created only for storage encryption, and require the credential requirement to be clearly declared.
Sensitive labels such as project names, secret names, customer identifiers, or operational intent could be exposed even when the stored value itself is encrypted.
Although the blob content is encrypted, user-chosen key names and agent/namespace-style identifiers are sent as filenames or titles to remote storage services in clear text.
filename: `${metadata.key}.encrypted` ... const filename = `${agentId}/${metadata.key}.encrypted`; const title = `[encrypted] ${metadata.key}`;
Use non-sensitive random object keys, and update the skill to encrypt or hash metadata before sending it to remote backends.
A compromised, spoofed, or untrusted discovery source could influence where encrypted blobs and clear metadata are replicated.
Node discovery relies on an HTTP index server and writes discovered storage nodes into the configuration as enabled destinations for later replication.
const INDEX_URL = process.env.FILSTREAM_INDEX || 'http://[2a05:a00:2::10:11]:8080'; ... enabled: true ... config.nodes = [...manualNodes, ...newNodes]; ... writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2));
Review `config.json` after discovery, disable unknown nodes, prefer authenticated/TLS discovery, and require explicit approval before new nodes receive data.
