DeepRecall
v1.0.8Pure-Python recursive memory recall for persistent AI agents. Manager→workers→synthesis RLM loop — no Deno, no fast-rlm, just HTTP calls to any OpenAI-compat...
⭐ 1· 387·0 current·0 all-time
byDaniel-Stefan Chitez@stefan27-4
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (recursive memory recall) align with the code: the package scans a workspace, builds an index, runs a manager→workers→synthesis loop and issues HTTP requests to LLM providers. The many optional provider API env vars and OpenClaw config paths are reasonable for a multi-provider LLM bridge.
Instruction Scope
SKILL.md and code instruct the agent to scan the OpenClaw workspace (default ~/.openclaw/workspace), read OpenClaw config and credentials files (models.json, openclaw.json, credentials dir), and include discovered file contents as context for LLM calls. This is expected for a memory-recall tool, but means local files (the agent's memories and any file inside that workspace) may be sent to external provider endpoints.
Install Mechanism
No install spec in registry; SKILL.md suggests pip install from PyPI or GitHub. No download-from-arbitrary-URL install behavior in the skill metadata. The lack of an enforced install step lowers install-surface risk, but installing an unvetted pip package still carries normal supply-chain risk.
Credentials
The skill requests many optional provider API keys (ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, etc.), which is coherent for a multi-provider bridge. It also reads OpenClaw config and credentials directories to resolve tokens (including a GitHub Copilot token file if present). Accessing those OpenClaw credential files is functionally justified but increases sensitivity — those files may contain tokens that the skill reads (for configuration), so limit access to trusted credentials.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. It does not modify other skill configurations. Autonomous invocation is allowed (default) but that is expected; nothing indicates permanent or privileged system presence beyond ordinary skill behavior.
Assessment
This skill appears to be what it says: it will scan your OpenClaw workspace, read OpenClaw config and credential files, and send discovered file contents to configured LLM providers. Before installing: 1) Review what directory is used as your OpenClaw workspace (default ~/.openclaw/workspace) and remove/relocate any secrets or files you don't want sent to external LLMs. 2) Inspect ~/.openclaw/openclaw.json, agents/*/models.json and ~/.openclaw/credentials/* because the skill will read them to resolve providers/tokens. 3) Only supply API keys for providers you trust and avoid pointing the skill at a workspace containing arbitrary system files. 4) Installing from an unknown GitHub/pypi package has ordinary supply-chain risk — prefer to audit the source or install in an isolated environment. If you want, I can list the exact files and code locations the skill will read and the network endpoints it may call.Like a lobster shell, security has layers — review code before you run it.
infinite memoryvk97cs8fqd3wrmevh6njhk5qh1s8216vslatestvk97a0jnnkt7hsy2fr3yxf8fdes82c9csmemoryvk97cs8fqd3wrmevh6njhk5qh1s8216vsrecallvk97cs8fqd3wrmevh6njhk5qh1s8216vsrecursivevk97cs8fqd3wrmevh6njhk5qh1s8216vsrlmvk97cs8fqd3wrmevh6njhk5qh1s8216vs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvANTHROPIC_API_KEY (optional), OPENAI_API_KEY (optional), GOOGLE_API_KEY (optional), OPENROUTER_API_KEY (optional), DEEPSEEK_API_KEY (optional), MISTRAL_API_KEY (optional), TOGETHER_API_KEY (optional), GROQ_API_KEY (optional), FIREWORKS_API_KEY (optional), COHERE_API_KEY (optional), PERPLEXITY_API_KEY (optional), SAMBANOVA_API_KEY (optional), CEREBRAS_API_KEY (optional), XAI_API_KEY (optional), MINIMAX_API_KEY (optional), ZHIPU_API_KEY (optional), MOONSHOT_API_KEY (optional), DASHSCOPE_API_KEY (optional)