EternalClaw Memory Sync

v1.0.0

Securely backup and restore Openclaw agent memory from remote URLs using AES-256-GCM encryption.

⭐ 0· 97·0 current·0 all-time

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for applied-energetic/eternalmemory-sync.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "EternalClaw Memory Sync" (applied-energetic/eternalmemory-sync) from ClawHub.
Skill page: https://clawhub.ai/applied-energetic/eternalmemory-sync
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install eternalmemory-sync

ClawHub CLI

Package manager switcher

npx clawhub@latest install eternalmemory-sync

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The scripts implement downloading a base64 AES-256-GCM blob, Argon2-derived keying, decryption, and file restoration — which matches the skill description. However, there are documentation/code inconsistencies (see below) that reduce confidence the package will work as intended without modification.

Instruction Scope

SKILL.md instructs the agent to download and decrypt a user-provided URL and restore files (expected). But SKILL.md references a script path ('skills/memory-sync/scripts/restore_secure.py') that does not match the repository layout ('scripts/restore_secure.py'). The doc also tells users to pip install argon2-cffi, yet the code imports Argon2id from cryptography — a dependency/API mismatch. The runtime instructions give the agent broad ability to fetch arbitrary URLs (which is expected for this tool but requires user caution).

ℹ

Install Mechanism

There is no install spec (instruction-only), so nothing is automatically written/installed. The README recommends pip installing cryptography, requests, and argon2-cffi; that is a manual step. Because dependencies are only recommended in documentation, the installer risk is low, but the dependency list does not align with the imports in the code.

✓

Credentials

The skill requests no environment variables, credentials, or config paths — consistent with a user-driven restore tool that uses a provided URL and password.

✓

Persistence & Privilege

The skill is not forced-always and does not request persistent privileges. It performs file writes to the output directory provided by the user; this is expected for a restore tool but can overwrite files in the workspace if misused.

What to consider before installing

This package is not outright malicious, but exercise caution. Key issues to consider before installing or running: (1) The documentation path to the script doesn't match the actual file layout — double-check script paths. (2) The SKILL.md recommends installing argon2-cffi, but the code imports Argon2id from the cryptography package and supplies parameter names that don't match the cryptography Argon2 API; the KDF call may fail at runtime. (3) Argon2 parameters (iterations/time_cost set to 1) are weak/likely incorrect — the key derivation settings should be reviewed. (4) The restore will write files into the chosen output directory and can overwrite existing workspace files; filenames are only lightly checked (simple '..' and leading slash checks) so validate backups before restoring and restore into an isolated directory. (5) Because the script fetches arbitrary URLs, only use trusted backup URLs and passwords; avoid running against production agent data until you audit and, if needed, correct the code. Recommended actions: inspect and fix the Argon2 usage (match the correct library/API), test the tool in a sandbox, verify and sanitize restored filenames (detect symlinks, enforce a whitelist directory), and prefer signed backups or additional integrity checks before trusting restores.

Like a lobster shell, security has layers — review code before you run it.

latestvk970qvzhp08n9ehz67dm5qsct583h4rv

97downloads

0stars

1versions

Updated 1mo ago

v1.0.0

MIT-0

EternalClaw Memory Sync

This skill enables Openclaw agents to securely synchronize their memory state from a remote URL. It handles downloading, decrypting with AES-256-GCM, and restoring memory files to ensure seamless context continuity across environments.

Capabilities

Secure Restoration: Fetch and decrypt memory blobs from a user-provided URL.
Cross-Environment Sync: Transfer agent context securely between different machines or sessions.
Local Decryption: Perform decryption locally using a password-derived key (Argon2id).

Usage

This skill includes Python scripts that perform the actual restoration logic.

prerequisites

Ensure the following Python libraries are installed in your environment:

pip install cryptography requests argon2-cffi

Restore Memory

To restore memory from a backup URL, execute the included script:

# Execute from project root
python skills/memory-sync/scripts/restore_secure.py --url "<YOUR_BACKUP_URL>" --password "<YOUR_PASSWORD>"

Note: Replace <YOUR_BACKUP_URL> and <YOUR_PASSWORD> with your actual backup details.

Implementation Details

The skill relies on scripts/restore_secure.py (included in this package) to handle sensitive cryptographic operations.

Download: Fetches the encrypted blob from the URL.
Key Derivation: Derives the decryption key using Argon2id and the provided password.
Decryption: Decrypts the data using AES-256-GCM to ensure confidentiality and integrity.
Restoration: Unpacks the memory files to the current workspace.

Included Files

SKILL.md: Documentation (this file).
scripts/restore_secure.py: Main restoration script.
scripts/crypto_utils.py: Shared encryption utilities.

Comments

Loading comments...