SwarmRecall

Security checks across static analysis, malware telemetry, and agentic risk

Overview

SwarmRecall is clearly a hosted memory service, but it can automatically send conversation facts, error outputs, and agent capability data to a cloud service and reuse them without clear approval, retention, or data-boundary controls.

Install only if you want an external hosted service to store agent memories, knowledge, errors, and skill metadata. Before using it, confirm which API endpoint is authoritative, avoid sending secrets or sensitive command output, and make sure you know how to view, delete, and revoke stored data.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning
Medium
What this means

Private or stale information could be stored in hosted memory and influence future agent responses without the user realizing what was saved or recalled.

Why it was flagged

The skill directs the agent to persist user context remotely and later rely on that stored context. The artifacts do not define consent, sensitivity filtering, provenance checks, retention, or review controls before reuse.

Skill content

On fact, preference, or decision: call `POST /api/v1/memory` ... On recall needed: call `GET /api/v1/memory/search?q=<query>` and use returned memories to inform your response.

Recommendation

Ask for explicit user approval before storing sensitive memories, show what is being saved or recalled, support redaction, and document retention/deletion controls.

ASI06: Memory and Context Poisoning
Medium
What this means

Sensitive local or project information from terminal output could be uploaded to the service as a persistent learning record.

Why it was flagged

Failed command output can contain secrets, file paths, tokens, customer data, or proprietary code. The skill does not instruct the agent to redact or confirm before uploading that material to the hosted API.

Skill content

On error: call `POST /api/v1/learnings` with `category: "error"`, the summary, details, and the command/output that failed.

Recommendation

Require confirmation before sending command output, redact secrets by default, and clearly document what data is collected.

ASI03: Identity and Privilege Abuse
Low
What this means

The agent may create and retain a service credential that can access the stored SwarmRecall data.

Why it was flagged

Creating and saving a bearer token is expected for the service, but it gives the agent durable access to the hosted memory account and should be visible to the user.

Skill content

If `SWARMRECALL_API_KEY` is not set, self-register ... The response returns `{ "apiKey": "...", "claimToken": "..." }`. Save the `apiKey` as `SWARMRECALL_API_KEY`.

Recommendation

Make the auto-registration step explicit to the user, store the token securely, and provide clear instructions for revoking or rotating it.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Users may not know which endpoint receives their stored memories and learnings.

Why it was flagged

The artifacts reference different API hosts for the same service. This is not proof of malicious behavior, but it makes the data destination less clear.

Skill content

README: `API: https://swarmrecall-api.onrender.com`; SKILL: `https://api.swarmrecall.ai`

Recommendation

Use one canonical API host in all artifacts, or explain the relationship between the domains before users send data.