Recall Local
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Recall Local is a coherent local memory-search skill, but it can keep an unauthenticated server running that exposes agent memory to other devices on the local network.
Install only if you are comfortable with your OpenClaw memory files being served by a background HTTP server. Prefer changing the server to listen on 127.0.0.1, avoid enabling the LaunchAgent unless needed, and do not store secrets in the indexed memory files.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can reach the machine on the local network may be able to query and read agent memory snippets.
The search endpoint returns indexed memory contents, and binding to 0.0.0.0 makes the server reachable beyond localhost on available network interfaces, with no authentication shown.
if (url.pathname === '/search') { ... res.end(JSON.stringify({ results, total: memories.length })); } ... server.listen(PORT, '0.0.0.0', () => {
Bind to 127.0.0.1 by default, add authentication, document any LAN exposure clearly, and use firewall controls if network access is intended.
Users may underestimate that their memory archive can be served to other devices on the local network.
The privacy wording emphasizes localhost and says nothing leaves the machine, while the same artifact describes same-network access and the code binds to all interfaces.
serves it as a searchable web UI + API at `http://localhost:3456`. No external services, no API keys, nothing leaves your machine. ... Works on mobile too if on same local network.
Revise the description to state the actual network exposure and make localhost-only binding the default unless the user explicitly opts into LAN access.
Sensitive notes, past session content, or untrusted text stored in memory files may appear in search results and influence future agent work.
Broad memory indexing is central to the skill, but it means private or stale agent context can be retrieved and reused.
Indexes your entire `~/clawd/memory/` archive and serves it as a searchable web UI + API
Keep secrets out of memory files, add exclusions or redaction for sensitive content, and treat retrieved memory as context rather than authoritative instructions.
The memory server may keep running after the original task is finished, including across subsequent logins.
The setup creates a persistent LaunchAgent that starts on login and is kept alive. This is disclosed and purpose-aligned for a local server, but it extends the exposure window.
<key>RunAtLoad</key><true/> ... <key>KeepAlive</key><true/>
Provide clear stop, unload, and uninstall steps, and ask for user confirmation before installing or restarting the persistent service.
Users may not see the true runtime and platform requirements before reading the setup instructions.
The registry metadata does not declare the Node.js runtime or macOS LaunchAgent setup that SKILL.md relies on.
Required binaries (all must exist): none ... Install specifications: No install spec — this is an instruction-only skill.
Declare Node.js, macOS LaunchAgent usage, and the background-service install behavior in metadata or an install spec.
