OpenClaw DeepRecall
Security checks across static analysis, malware telemetry, and agentic risk
Overview
DeepRecall appears purpose-aligned, but it permanently stores raw memory content and can use local OpenClaw API credentials to send memory files to an LLM provider, so its privacy and credential behavior needs review.
Install only if you want persistent agent memory. Before enabling summarization, choose a trusted provider explicitly, avoid processing sensitive memory files, consider disabling raw-content storage, and understand that cleanup removes temporary markdown files but does not erase the permanent SQLite memory database.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private session logs, preferences, project facts, or other sensitive memories may remain available to the agent indefinitely, even after temporary files are cleaned up.
The skill stores raw memory content by default and states that database records are permanent, but the artifacts do not show a database purge, retention, or review workflow.
**Important**: Database records are permanent and never deleted. ... `no_store_raw`: Do not store raw content to L2 archive (default: False, stores raw content)
Use `--no-store-raw` or set raw-content storage off for sensitive work, inspect `memory.db`, and only enable this skill if you are comfortable with long-lived memory. The skill should add clear purge, retention, and user-approval controls.
Running summarization can consume the user's configured LLM account and credentials, even though the skill does not declare a primary credential in its registry metadata.
The summarizer reads local OpenClaw provider configuration and auto-selects a provider that has an API key, giving the skill access to configured LLM account credentials.
`possible_paths = [Path.home() / ".openclaw" / "openclaw.json", Path("/etc/openclaw/openclaw.json"), ...]` ... `if "baseUrl" in provider_cfg and provider_cfg.get("apiKey"): api_config = provider_cfg`
Before use, configure an explicit low-privilege or local provider for DeepRecall, avoid broad shared API keys, and verify which `openclaw.json` file the skill will read.
Raw memory file content may leave the local workspace and be processed by whichever configured LLM provider is selected, which could expose private notes or session history.
The configuration guide shows memory content may be sent to an LLM provider and that the provider can be chosen automatically from configured endpoints.
`max_content_length`: Maximum content length to send to LLM ... If not specified: auto-selects first available provider with baseUrl and apiKey
Set `preferred_provider` explicitly, use a trusted/local model for sensitive memories, reduce or disable content sent to external providers, and avoid `--process-all` on unreviewed memory files.
Temporary memory markdown files may be removed if the cleanup tool runs, while their extracted or raw contents may still remain in `memory.db`.
The cleanup tool can delete local `.md` session files by default, but it is described as scoped to temporary memory files and preserving the database.
`cleanup_raw_files`: "Clean up raw .md session files while preserving database" ... `dry_run`: default false
Run cleanup in dry-run mode first, keep backups for important memory files, and remember that cleanup does not erase the permanent database.
It is harder to verify provenance or updates outside the supplied artifacts.
The package does not provide an upstream source or homepage for independent verification, although no remote installer is shown.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the included files before installation and prefer a version with clear source provenance and dependency documentation.
