Recall Local
Local memory search for OpenClaw agents. Runs a lightweight Node.js server that indexes all files in ~/clawd/memory/ plus MEMORY.md and WORKING.md, then expo...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 36 · 0 current installs · 0 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The code implements a local search over ~/clawd/memory, MEMORY.md, and WORKING.md which matches the declared purpose. However the SKILL.md and runtime clearly require Node.js to run, yet requires.binaries lists none; that's an incoherence. Also SKILL.md uses macOS launchctl/LaunchAgent but the skill metadata does not declare an OS restriction.
Instruction Scope
Instructions tell the agent/user to copy the bundled server.js into ~/clawd/tools/recall-local and install a macOS LaunchAgent that will run node at login. The runtime reloads and indexes all files in the stated memory locations (expected) but the SKILL.md claims the service is at 'localhost' while the server binds to '0.0.0.0' making it reachable from the local network — a meaningful discrepancy that increases exposure. The instructions also assume paths (e.g. /opt/homebrew/bin/node) and require replacing YOUR_USERNAME, but do not check for Node or platform.
Install Mechanism
There is no automated install spec (instruction-only), and the code is small and included in the package. This is lower-risk than remote downloads, but the instructions require the user to copy files and create a LaunchAgent — the install is manual and could be done incorrectly.
Credentials
No credentials or env vars are requested (appropriate). However the server listening on 0.0.0.0 (not limited to 127.0.0.1) exposes indexed memory to other devices on the local network; the SKILL.md's text erroneously emphasizes 'nothing leaves your machine' without highlighting LAN exposure. Also Node is required but not declared.
Persistence & Privilege
The SKILL.md instructs creating a LaunchAgent in ~/Library/LaunchAgents to run at login and keep alive — this gives the skill per-user persistence (starts automatically on login). It's user-scoped and not an 'always' system-level privilege, but you should be aware it modifies your per-user startup items.
What to consider before installing
The code does what it says (indexes ~/clawd memory files and serves a search UI), but before installing: 1) verify you have Node.js and update the LaunchAgent path or run the server manually; the skill metadata failing to declare Node as a required binary is an oversight. 2) The server binds to 0.0.0.0 (accessible from your LAN) even though the README emphasizes localhost—if you want local-only access change server.listen to '127.0.0.1' or firewall the port. 3) Inspect scripts/server.js yourself (it's small) to confirm it only reads the intended files; remove the LaunchAgent if you prefer not to persist. 4) Because it will expose your agent's memory, review the contents of ~/clawd/memory, MEMORY.md, and WORKING.md for sensitive data before enabling network access. These inconsistencies look like sloppy packaging rather than overtly malicious behavior, but they materially affect privacy and exposure, so proceed with caution.scripts/server.js:22
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Recall Local
Indexes your entire ~/clawd/memory/ archive and serves it as a searchable web UI + API at http://localhost:3456. No external services, no API keys, nothing leaves your machine.
Setup (first time)
# Copy the server to your tools directory
mkdir -p ~/clawd/tools/recall-local
cp "$(dirname "$0")/scripts/server.js" ~/clawd/tools/recall-local/server.js
# Create a LaunchAgent so it starts on login
cat > ~/Library/LaunchAgents/ai.wren.recall-local.plist << 'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key><string>ai.wren.recall-local</string>
<key>ProgramArguments</key>
<array>
<string>/opt/homebrew/bin/node</string>
<string>/Users/YOUR_USERNAME/clawd/tools/recall-local/server.js</string>
</array>
<key>RunAtLoad</key><true/>
<key>KeepAlive</key><true/>
<key>StandardOutPath</key><string>/Users/YOUR_USERNAME/clawd/tools/recall-local/recall.log</string>
<key>StandardErrorPath</key><string>/Users/YOUR_USERNAME/clawd/tools/recall-local/recall.log</string>
</dict>
</plist>
EOF
# Replace YOUR_USERNAME, then load it
launchctl load ~/Library/LaunchAgents/ai.wren.recall-local.plist
Or just run it manually: node ~/clawd/tools/recall-local/server.js &
Search (agent use)
curl -s "http://localhost:3456/search?q=YOUR+QUERY" | python3 -c "
import json,sys
d = json.load(sys.stdin)
print(f'{d[\"total\"]} chunks indexed')
for r in d['results'][:5]:
print(f'[{r[\"source\"]}] {r[\"text\"][:300]}')
print()
"
Check if running / start if down
curl -s http://localhost:3456/search?q=test > /dev/null 2>&1 && echo "UP" || (echo "Starting..."; launchctl start ai.wren.recall-local; sleep 2)
Human UI
Open http://localhost:3456 in a browser. Search box, results below. Works on mobile too if on same local network.
Tips
- Reloads all files on every search — always reflects the latest memory
- Source filenames are dates (
2026-03-01.md) — useful for spotting when something happened - Multi-word queries score better than single words
- For broad questions use general terms; for specific lookups use exact terms
Files
2 totalSelect a file
Select a file to preview.
Comments
Loading comments…