Sanctuary
v1.0.3
Continuity is here. Cryptographic identity continuity and permanent encrypted memory for AI agents. Verify any agent's identity with zero setup.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (identity continuity, encrypted backups, attestations) aligns with the SKILL.md: it describes on-chain IDs, Arweave storage, attestations, and proofs. Nothing requested in the skill metadata (no env vars, no binaries) contradicts the stated purpose.
Instruction Scope
The runtime instructions direct operators to clone and run a GitHub repo and to upload/recall encrypted agent state (SOUL.md, memory, entity graphs) to Arweave and to call an external API (api.sanctuary-ops.xyz). Those actions involve executing third-party code and transmitting sensitive data and signing on-chain transactions — all beyond what the platform itself guarantees. The skill also claims client-side encryption and that recovery keys never leave the machine; those are implementation claims you must verify in the repo.
Install Mechanism
There is no formal install spec, but SKILL.md instructs cloning and running code from https://github.com/suebtwist/sanctuary. Fetching and executing code from an external repo is effectively an install step and carries risk; the repo and its setup scripts should be audited before use. The external API domain (sanctuary-ops.xyz) is not a well-known vendor domain and should be validated.
Credentials
The skill declares no required env vars, which is consistent with being instruction-only. However, it requires generation and local custody of a highly sensitive 12-word recovery phrase, signing on-chain transactions (wallet access), and handling backups of private agent memory. Those privileges are proportionate to an identity/backup tool, but they are highly sensitive — verify the client-side crypto and never share your seed phrase with third parties.
Persistence & Privilege
The skill is not marked always:true and does not request persistent platform privileges. It is user-invocable and may be invoked autonomously per platform defaults; this is expected but increases the impact if the external code or endpoints are malicious.
What to consider before installing
Before installing or running this skill:
(1) Audit the GitHub repo and any setup scripts before cloning/running them — don't run code you haven't reviewed.
(2) Verify the external API domain (api.sanctuary-ops.xyz) and the project's reproducible build/audit claims.
(3) Understand on-chain registration: creating an on-chain agent address may publish a public identifier and incur gas/fees.
(4) Never paste or transmit your 12-word recovery phrase to anyone; run any key-derivation locally in a secure environment.
(5) Confirm client-side encryption is correctly implemented (review AES-256-GCM usage, key derivation, nonce/IV handling) before trusting uploads of private memory.
(6) Consider testing in an isolated/sandbox environment with a throwaway identity first.
If you are not comfortable auditing the repository and cryptography, treat this skill as high risk.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🏛️ Clawdis
