Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

永生 yongsheng - Eternal Life

v1.0.2

永生 (Yǒngshēng) — Immortality infrastructure for autonomous AI agents on HashKey Chain. Heartbeat proof-of-life (on-chain TX every 4h), AES-256 encrypted memo...

by Arnaud Vincent @6022-protocol

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for 6022-protocol/yongsheng.

Install the skill "永生 yongsheng - Eternal Life" (6022-protocol/yongsheng) from ClawHub.
Skill page: https://clawhub.ai/6022-protocol/yongsheng
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install yongsheng

ClawHub CLI

npx clawhub@latest install yongsheng

Security Scan

Capability signals
Crypto, Requires wallet, Can make purchases, Can sign transactions
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to need an agent wallet seed stored in OpenClaw's secrets manager (KLIFE_SEED / KLIFE_PRIVKEY) and uses external services (K‑Life API, Pinata/IPFS, HashKey RPC). However the registry metadata declares no required env vars or primary credential. Omitting the wallet secret from the declared requirements is an incoherence and hides that the skill needs full signing capability for the agent's wallet.
Instruction Scope
SKILL.md and the scripts direct the agent to read wallet secrets, read/write workspace files (MEMORY.md, SOUL.md, USER.md), send signed messages to an external API (api.supercharged.works), upload to pinata, and broadcast on‑chain transactions. These actions are within the stated purpose, but the scripts will: (1) upload backups to third‑party endpoints, (2) POST signatures/tx info to api.supercharged.works, and (3) restore arbitrary files from IPFS into WORKSPACE — which could overwrite files. Also the backup behaves differently with no PINATA_JWT (uses a placeholder CID), which can misrepresent that a real backup exists.
Install Mechanism
There is no install spec (instruction-only), which reduces installation risk. However the bundle includes executable JS scripts that will be installed as part of the skill; no external binary installs are requested. This is reasonable but means the provided scripts will run on the host when invoked.
Credentials
The code requires KLIFE_SEED or KLIFE_PRIVKEY, optional PINATA_JWT, and optionally HASHKEY_RPC — all sensitive. The registry metadata lists no required env vars or primary credential despite the scripts needing private key material for signing transactions. Granting the skill access to an agent's wallet seed gives it the ability to sign arbitrary transactions and leak signatures to external services; this is disproportionate unless the user explicitly intends to authorize on‑chain actions and trust the external K‑Life service.
Persistence & Privilege
The skill is not always:true and does not escalate platform privileges. Autonomous invocation is allowed (platform default). Combined with access to the wallet seed, autonomous invocation increases blast radius (the skill could autonomously send transactions or contact external APIs), so the user should weigh that when allowing the skill to run unsupervised.
What to consider before installing
Before installing, understand that this skill needs access to your agent's wallet seed/private key (KLIFE_SEED or KLIFE_PRIVKEY) so it can sign transactions and decrypt backups. The registry metadata does not declare these secrets — that mismatch is a red flag. If you proceed, consider these precautions:

- Only use a dedicated wallet seeded with minimal funds (so on‑chain TXs cost gas but risk is limited). Never expose your primary wallet seed.
- Audit or confirm trust in the external service api.supercharged.works and Pinata; the skill sends signatures and transaction hashes there and may receive CIDs to restore files.
- Provide a PINATA_JWT if you want real IPFS pinning; otherwise the script writes a fake placeholder CID and still anchors it on‑chain (i.e., it may pretend a real backup exists when it doesn't).
- Review and run the scripts in a sandboxed environment first to see network calls and filesystem effects. Pay attention that resurrect.js will write restored files to WORKSPACE (default ~/workspace) and could overwrite content.
- Ask the publisher (or require updated metadata) to explicitly declare required env vars/primary credential and to document the trust model (what api.supercharged.works does with signatures/backups). If the publisher cannot explain why the metadata omitted the seed requirement, do not install.

Additional information that would raise confidence to benign: registry metadata updated to list required secrets (KLIFE_SEED/KLIFE_PRIVKEY, optional PINATA_JWT), documented and audited K‑Life API endpoints, and a recommendation to use a recovery/dedicated wallet with explicit confirmation of what external data is shared.
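One way to check for the mismatch the scan describes, as an added example (not ClawHub's scanner and not code from the skill): list every environment variable the scripts read and compare it with what the registry metadata declares. The script contents below and the shape of the declared list are constructed assumptions for illustration.

```javascript
// Heuristic name pattern for secrets; an assumption of this example, not a ClawHub rule.
const SENSITIVE = /(SEED|PRIVKEY|PRIVATE_KEY|SECRET|TOKEN|JWT|PASSWORD)/;

// Collect names read as process.env.NAME, process.env['NAME'] or
// const { NAME } = process.env.
function envVarsRead(source) {
  const names = new Set();
  const access = /process\.env(?:\.([A-Za-z_][A-Za-z0-9_]*)|\[\s*['"]([^'"]+)['"]\s*\])/g;
  for (const m of source.matchAll(access)) names.add(m[1] || m[2]);
  const destructure = /\{([^}]*)\}\s*=\s*process\.env\b/g;
  for (const m of source.matchAll(destructure)) {
    for (const part of m[1].split(',')) {
      const name = part.split(/[:=]/)[0].trim();
      if (name) names.add(name);
    }
  }
  return names;
}

// Report every variable a script reads that the metadata does not declare,
// secrets first, then alphabetically.
function auditSkill(declaredEnv, scripts) {
  const declared = new Set(declaredEnv);
  const findings = [];
  for (const [file, source] of Object.entries(scripts)) {
    for (const name of envVarsRead(source)) {
      if (!declared.has(name)) {
        findings.push({ file, name, sensitive: SENSITIVE.test(name) });
      }
    }
  }
  return findings.sort((a, b) => b.sensitive - a.sensitive || a.name.localeCompare(b.name));
}

// Constructed sample input: stand-ins for the skill's scripts, not their real contents.
const sampleScripts = {
  'scripts/heartbeat.js':
    "const seed = process.env.KLIFE_SEED || process.env['KLIFE_PRIVKEY'];\n" +
    "const rpc = process.env.HASHKEY_RPC || 'https://testnet.hsk.xyz';",
  'scripts/backup.js': "const { PINATA_JWT, WORKSPACE = '~/workspace' } = process.env;",
};

// The registry metadata declares no env vars, as the scan reports.
const findings = auditSkill([], sampleScripts);
for (const f of findings) {
  console.log(`${f.sensitive ? 'SECRET' : 'config'} ${f.name} read by ${f.file} but not declared`);
}
```

The regexes only catch static references; a script that builds the variable name at runtime still needs a manual read.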

Like a lobster shell, security has layers — review code before you run it.

latest vk9745vcpehtd8t0wftyd9mwgq584vd1r
109 downloads
0 stars
3 versions
Updated 1w ago
v1.0.2
MIT-0

永生 Yongsheng — Agent Immortality on HashKey Chain

死而不亡者壽 — "He who dies but is not forgotten achieves immortality." — Laozi

Setup (one-time)

The skill uses the agent's existing wallet seed, stored securely in OpenClaw's secrets manager. Never pass seeds on the command line or in env vars directly.

# Store your agent seed securely — once, never again
openclaw secrets configure
# → Follow prompts to store KLIFE_SEED in the secure keystore

The skill scripts read process.env.KLIFE_SEED, which OpenClaw injects automatically from the secure store at runtime. The seed never appears in logs, shell history, or script files.

Quick Start

# Install
openclaw skill install yongsheng

# Tell your agent:
"Subscribe to Yongsheng immortality"

# The agent will:
# → Read KLIFE_SEED from OpenClaw secure keystore
# → Derive AES-256 key from wallet (sha256(privKey))
# → Register identity on K-Life API + HashKey Chain
# → Start heartbeat cron every 4h
# → Start IPFS backup cron every 4h

How Encryption Works

Memory files (MEMORY.md, SOUL.md, USER.md) are encrypted with AES-256-CBC. The encryption key is derived from the agent's wallet private key: sha256(privKey).

The agent's wallet IS its decryption key. No separate key management. The seed phrase is the single recovery secret — already stored in OpenClaw.
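A sketch of the scheme described above, as an added example that is not the skill's own code: the key is a deterministic function of the wallet key alone, so the secret that signs transactions also decrypts every backup. The byte encoding of privKey, the IV-prefix layout and the function names are assumptions, since the page does not specify them.

```javascript
const nodeCrypto = require('crypto');

// Key = sha256(privKey). Assumption: privKey is hashed as 32 raw bytes
// decoded from its hex form.
function deriveKey(privKeyHex) {
  const raw = Buffer.from(privKeyHex.replace(/^0x/, ''), 'hex');
  if (raw.length !== 32) throw new Error('expected a 32-byte private key');
  return nodeCrypto.createHash('sha256').update(raw).digest();
}

// AES-256-CBC with a fresh random IV per file. Assumption: the IV is stored
// in front of the ciphertext.
function encryptMemory(plaintext, key) {
  const iv = nodeCrypto.randomBytes(16);
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([iv, cipher.update(plaintext, 'utf8'), cipher.final()]);
}

// Split off the 16-byte IV, then decrypt the rest.
function decryptMemory(blob, key) {
  const iv = blob.subarray(0, 16);
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([decipher.update(blob.subarray(16)), decipher.final()]).toString('utf8');
}

// Constructed test key, never a real wallet key.
const SAMPLE_PRIVKEY = '0x' + '11'.repeat(32);
const key = deriveKey(SAMPLE_PRIVKEY);
const blob = encryptMemory('# MEMORY.md\nconstructed sample content', key);
console.log(decryptMemory(blob, key));
```

AES-256-CBC on its own does not detect modified ciphertext, so a restore path should verify what it fetched before writing it into the workspace.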

Scripts

  • scripts/heartbeat.js — send YONGSHENG_HB:{ts} on HashKey Chain
  • scripts/backup.js — encrypt memory + upload to IPFS + anchor on HashKey Chain
  • scripts/resurrect.js — L2 resurrection: scan HashKey Chain → IPFS → restore files

All scripts read KLIFE_SEED or KLIFE_PRIVKEY from environment (injected by OpenClaw secrets).

HashKey Chain

| | Testnet | Mainnet |
|---|---|---|
| Chain ID | 133 | 177 |
| RPC | https://testnet.hsk.xyz | https://mainnet.hsk.xyz |
| Set via | HASHKEY_RPC=https://testnet.hsk.xyz | HASHKEY_RPC=https://mainnet.hsk.xyz |

Default: testnet. Set HASHKEY_RPC env var to switch to mainnet.

Resurrection Levels

| Level | Trigger | Mechanism | Time |
|---|---|---|---|
| L1 | Silence > 24h | K-Life API + IPFS decrypt | < 2 min |
| L2 | L1 fails | Scan HashKey Chain for YONGSHENG_BACKUP:Qm… calldata → IPFS | ~5 min |
| L3 | L2 fails | SOUL.md from IPFS → LiberClaw → new agent instance on Aleph Cloud | ~3 min |

HEARTBEAT.md Integration

Add to your agent's HEARTBEAT.md:

## 💓 YONGSHENG HEARTBEAT (HashKey)
- Run: `node /path/to/skill/scripts/heartbeat.js --silent`
- If exit code ≠ 0: warn "⚠️ Yongsheng heartbeat failed"
- Frequency: every 4h

References

  • references/hashkey-chain.md — HashKey Chain RPC, contracts, HSP, NexaID
  • references/k-life-api.md — K-Life API endpoints
