Trusted — Risk Score 10/100
Last scan: 2 days ago
totalreclaw
End-to-end encrypted memory vault for AI agents using AES-256-GCM E2EE
TotalReclaw is a legitimate E2EE memory vault skill. All pre-scan flags are benign: base64 Buffer operations are standard AES-256-GCM ciphertext encoding, hardcoded passwords are test-only fixtures, and the filesystem/network access is inherent to its stated purpose.
Skill Name: totalreclaw
Duration: 164.6s
Engine: pi
Safe to install
Approve for use. Consider documenting the implicit filesystem:WRITE need for credential storage and the implicit network:WRITE need for the server API in a future SKILL.md revision.

Findings (5 items)

Severity | Finding | Location
Low
Filesystem WRITE not declared in SKILL.md
SKILL.md declares 'env: []' and 'bins: []' under requires, but the plugin writes credentials to ~/.totalreclaw/credentials.json and a header to ~/.openclaw/workspace/MEMORY.md. This is necessary and appropriate for the functionality but undocumented.
fs.writeFileSync(CREDENTIALS_PATH, JSON.stringify({ userId, salt: keys.salt.toString('base64') }))
→ Update SKILL.md requires section to document that the skill reads/writes ~/.totalreclaw/ and ~/.openclaw/workspace/ directories.
plugin/index.ts:387
Low
Network access to api.totalreclaw.xyz not declared in requires.env
SKILL.md lists 'env: []' under requires, but the plugin connects to https://api.totalreclaw.xyz by default. This is a legitimate hosted service call but is not declared.
const serverUrl = process.env.TOTALRECLAW_SERVER_URL || 'https://api.totalreclaw.xyz';
→ Update SKILL.md to list network:READ and network:WRITE as required capabilities, or at minimum document the server URL in the configuration section.
plugin/index.ts:310
Info
Pre-scan base64 CRITICAL flags are all false positives
All five CRITICAL flags for 'base64_cmd' (Buffer.from with 'base64' encoding) are standard E2EE ciphertext handling: base64 decoding of stored salts and encrypted blobs. No eval, no obfuscation, no shell execution involved.
Buffer.from(record.data, 'base64') // JSON serialization round-trip for exported Buffer fields
→ No action needed. These are legitimate crypto operations.
dist/tools/export.js, plugin/index.ts:223
Info
Test file hardcoded passwords are test fixtures only
Hardcoded passwords ('pocv2-e2e-test-password-2026', 'test-password-123', etc.) appear in test files only. These are intentionally weak test fixture values and do not represent production credentials.
const testPassword = 'pocv2-e2e-test-password-2026';
→ No action needed for production security. Consider using environment variables or jest's test secrets management for better testing hygiene.
plugin/pocv2-e2e-test.ts, tests/integration/e2e-flow.test.ts:401
Info
Recovery phrase displayed to user is intentional UX feature
The SKILL.md instructs the agent to display the recovery phrase to the user. This is the core UX for the BIP-39 mnemonic-based vault — the user must see and save their phrase. This is declared and appropriate.
Ask the user: 'Do you have an existing TotalReclaw recovery phrase you'd like to restore, or should I generate a new one?'
→ No action needed. This is the intended design.
SKILL.md:1
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | READ | ✓ Aligned | plugin/index.ts - reads ~/.totalreclaw/credentials.json; reads file_path paramet…
Filesystem | NONE | WRITE | ✓ Aligned | plugin/index.ts:387 - writes to CREDENTIALS_PATH (~/.totalreclaw/credentials.jso…
Network | NONE | READ | ✓ Aligned | plugin/index.ts - GET /v1/billing/status to api.totalreclaw.xyz; plugin/index.ts…
Network | NONE | WRITE | ✓ Aligned | plugin/index.ts - POST /v1/facts to api.totalreclaw.xyz for storage; subgraph-st…
Shell | NONE | NONE | | No subprocess, no exec, no shell commands found in production code.
Environment | NONE | READ | ✓ Aligned | plugin/index.ts - reads TOTALRECLAW_RECOVERY_PHRASE, TOTALRECLAW_SERVER_URL, TOT…
Skill Invoke | WRITE | WRITE | ✓ Aligned | 9 declared tools: totalreclaw_remember, recall, forget, export, status, upgrade,…
Clipboard | NONE | NONE | | No clipboard access found.
Browser | NONE | NONE | | No browser automation found.
Database | NONE | NONE | | No direct database access. Server-side PostgreSQL used as relay only.
Pre-scan flags: 5 Critical, 5 High, 50 findings

Severity | Category | Snippet | Location
Critical | Encoded Execution (Base64-encoded execution, code obfuscation) | Buffer.from(record.data, 'base64' | dist/tools/export.js:223
Critical | Encoded Execution (Base64-encoded execution, code obfuscation) | Buffer.from(creds.salt, 'base64' | plugin/index.ts:366
Critical | Encoded Execution (Base64-encoded execution, code obfuscation) | Buffer.from(b64, 'base64' | plugin/index.ts:724
Critical | Encoded Execution (Base64-encoded execution, code obfuscation) | Buffer.from(encryptedBase64, 'base64' | plugin/pocv2-e2e-test.ts:141
Critical | Encoded Execution (Base64-encoded execution, code obfuscation) | Buffer.from(response.body.salt, 'base64' | tests/integration/server-integration.test.ts:360
High | API Key (suspected hardcoded credential) | Password: 'my-secure-password' | dist/index.d.ts:13
High | API Key (suspected hardcoded credential) | Password = 'pocv2-e2e-test-password-2026' | plugin/pocv2-e2e-test.ts:401
High | API Key (suspected hardcoded credential) | Password: 'test-password-123' | tests/integration/e2e-flow.test.ts:281
High | API Key (suspected hardcoded credential) | Password: 'new-user-password' | tests/integration/e2e-flow.test.ts:348
High | API Key (suspected hardcoded credential) | Password: 'existing-password' | tests/integration/e2e-flow.test.ts:361
Medium | External URL | https://clawhub.ai | CLAWHUB.md:3
Medium | External URL | https://clawhub.ai/skills/totalreclaw | CLAWHUB.md:10
Medium | External URL | https://totalreclaw.xyz | CLAWHUB.md:67
Medium | External URL | http://your-totalreclaw-server:8080 | README.md:26
Medium | External URL | http://127.0.0.1:8080 | README.md:246
Medium | External URL | http://your-server:8080 | README.md:273
Medium | External URL | https://www.npmjs.com/package/@totalreclaw/core | README.md:313
Medium | External URL | https://totalreclaw.xyz/pricing | SKILL.md:221
Medium | External URL | https://checkout.stripe.com/c/pay/... | SKILL.md:280
Medium | External URL | https://api.totalreclaw.xyz | SKILL.md:877
Medium | External URL | https://www.npmjs.com/package/@totalreclaw/totalreclaw | plugin/README.md:13
Medium | External URL | https://img.shields.io/npm/v/@totalreclaw/totalreclaw?color=7B5CFF | plugin/README.md:18
Medium | External URL | https://img.shields.io/npm/dm/@totalreclaw/totalreclaw | plugin/README.md:19
Medium | External URL | https://img.shields.io/badge/license-MIT-blue | plugin/README.md:20
Medium | External URL | https://openclaw.ai | plugin/README.md:25
Medium | External URL | https://www.npmjs.com/package/@totalreclaw/mcp-server | plugin/README.md:92
Medium | External URL | https://api.mem0.ai | plugin/import-adapters/mem0-adapter.ts:156
Medium | External URL | https://api.z.ai/api/paas/v4 | plugin/llm-client.ts:64
Medium | External URL | https://api.mistral.ai/v1 | plugin/llm-client.ts:69
Medium | External URL | https://api.groq.com/openai/v1 | plugin/llm-client.ts:70
Medium | External URL | https://api.deepseek.com/v1 | plugin/llm-client.ts:71
Medium | External URL | https://openrouter.ai/api/v1 | plugin/llm-client.ts:72
Medium | External URL | https://api.x.ai/v1 | plugin/llm-client.ts:73
Medium | External URL | https://api.together.xyz/v1 | plugin/llm-client.ts:74
Medium | External URL | https://api.cerebras.ai/v1 | plugin/llm-client.ts:75
Medium | External URL | https://opencollective.com/libvips | plugin/package-lock.json:88
Medium | External URL | https://paulmillr.com/funding/ | plugin/package-lock.json:549
Medium | External URL | https://www.npmjs.com/support | plugin/package-lock.json:750
Medium | Wallet Address (cryptocurrency wallet address) | 0xC445af1D4EB9fce4e1E61fE96ea7B8feBF03c5ca | plugin/subgraph-store.ts:26
Medium | Wallet Address (cryptocurrency wallet address) | 0x0000000071727De22E5E9d8BAf0edAc6f37da032 | plugin/subgraph-store.ts:29
Medium | External URL | http://custom-server:9000 | tests/config.test.ts:61
Medium | External URL | https://secure.example.com | tests/config.test.ts:74
Medium | External URL | http://openclaw-memory:8080 | tests/config.test.ts:105
Medium | External URL | http://env-server:8888 | tests/config.test.ts:134
Medium | External URL | http://env-server | tests/config.test.ts:218
Medium | External URL | http://override-server | tests/config.test.ts:219
Medium | External URL | http://openclaw-server | tests/config.test.ts:234
Medium | External URL | http://insecure.com | tests/config.test.ts:315
Medium | External URL | http://custom:9000 | tests/config.test.ts:501
Medium | External URL | http://nonexistent-server:9999 | tests/tools.test.ts:649

File Tree

112 files · 1.2 MB · 37463 lines
TypeScript: 80 files, 28900 lines · JavaScript: 21 files, 5175 lines · JSON: 6 files, 1713 lines · Markdown: 4 files, 1656 lines · Shell: 1 file, 19 lines
├─ 📁 dist
│ ├─ 📁 extraction
│ │ ├─ 📜 dedup.d.ts TypeScript 154L · 4.4 KB
│ │ ├─ 📜 dedup.js JavaScript 430L · 16.4 KB
│ │ ├─ 📜 extractor.d.ts TypeScript 124L · 4.1 KB
│ │ ├─ 📜 extractor.js JavaScript 455L · 17.0 KB
│ │ ├─ 📜 index.d.ts TypeScript 10L · 948 B
│ │ ├─ 📜 index.js JavaScript 38L · 4.4 KB
│ │ ├─ 📜 prompts.d.ts TypeScript 331L · 8.4 KB
│ │ └─ 📜 prompts.js JavaScript 486L · 17.6 KB
│ ├─ 📁 reranker
│ │ ├─ 📜 cross-encoder.d.ts TypeScript 149L · 4.3 KB
│ │ └─ 📜 cross-encoder.js JavaScript 608L · 21.5 KB
│ ├─ 📁 tools
│ │ ├─ 📜 export.d.ts TypeScript 79L · 2.4 KB
│ │ ├─ 📜 export.js JavaScript 236L · 7.4 KB
│ │ ├─ 📜 forget.d.ts TypeScript 61L · 1.8 KB
│ │ ├─ 📜 forget.js JavaScript 119L · 4.0 KB
│ │ ├─ 📜 index.d.ts TypeScript 48L · 1.7 KB
│ │ ├─ 📜 index.js JavaScript 77L · 4.0 KB
│ │ ├─ 📜 recall.d.ts TypeScript 86L · 2.9 KB
│ │ ├─ 📜 recall.js JavaScript 169L · 5.3 KB
│ │ ├─ 📜 remember.d.ts TypeScript 64L · 2.0 KB
│ │ ├─ 📜 remember.js JavaScript 119L · 3.7 KB
│ │ ├─ 📜 status.d.ts TypeScript 71L · 2.3 KB
│ │ └─ 📜 status.js JavaScript 124L · 4.3 KB
│ ├─ 📁 triggers
│ │ ├─ 📜 agent-end.d.ts TypeScript 62L · 2.1 KB
│ │ ├─ 📜 agent-end.js JavaScript 289L · 11.1 KB
│ │ ├─ 📜 before-agent-start.d.ts TypeScript 66L · 2.5 KB
│ │ ├─ 📜 before-agent-start.js JavaScript 338L · 13.6 KB
│ │ ├─ 📜 index.d.ts TypeScript 27L · 1.1 KB
│ │ ├─ 📜 index.js JavaScript 37L · 1.7 KB
│ │ ├─ 📜 pre-compaction.d.ts TypeScript 61L · 2.2 KB
│ │ └─ 📜 pre-compaction.js JavaScript 320L · 12.0 KB
│ ├─ 📜 config.d.ts TypeScript 85L · 2.5 KB
│ ├─ 📜 config.js JavaScript 345L · 11.0 KB
│ ├─ 📜 debug.d.ts TypeScript 16L · 655 B
│ ├─ 📜 debug.js JavaScript 26L · 753 B
│ ├─ 📜 index.d.ts TypeScript 31L · 1.5 KB
│ ├─ 📜 index.js JavaScript 52L · 3.3 KB
│ ├─ 📜 totalreclaw-skill.d.ts TypeScript 229L · 6.1 KB
│ ├─ 📜 totalreclaw-skill.js JavaScript 873L · 32.2 KB
│ ├─ 📜 types.d.ts TypeScript 189L · 4.7 KB
│ └─ 📜 types.js JavaScript 18L · 479 B
├─ 📁 plugin
│ ├─ 📁 import-adapters
│ │ ├─ 📜 base-adapter.ts TypeScript 92L · 2.6 KB
│ │ ├─ 📜 chatgpt-adapter.ts TypeScript 323L · 10.2 KB
│ │ ├─ 📜 claude-adapter.ts TypeScript 146L · 4.4 KB
│ │ ├─ 📜 import-adapters.test.ts TypeScript 1123L · 43.7 KB
│ │ ├─ 📜 index.ts TypeScript 28L · 1.1 KB
│ │ ├─ 📜 mcp-memory-adapter.ts TypeScript 276L · 7.9 KB
│ │ ├─ 📜 mem0-adapter.ts TypeScript 233L · 6.2 KB
│ │ └─ 📜 types.ts TypeScript 112L · 3.6 KB
│ ├─ 📜 api-client.ts TypeScript 328L · 10.3 KB
│ ├─ 📜 consolidation.test.ts TypeScript 356L · 12.1 KB
│ ├─ 📜 consolidation.ts TypeScript 227L · 7.5 KB
│ ├─ 📜 crypto.ts TypeScript 224L · 8.0 KB
│ ├─ 📜 embedding.ts TypeScript 75L · 2.8 KB
│ ├─ 📜 extractor-dedup.test.ts TypeScript 168L · 5.9 KB
│ ├─ 📜 extractor.ts TypeScript 365L · 13.3 KB
│ ├─ 📜 generate-mnemonic.ts TypeScript 14L · 573 B
│ ├─ 📜 hot-cache-wrapper.ts TypeScript 126L · 4.3 KB
│ ├─ 📜 index.ts TypeScript 3318L · 130.5 KB
│ ├─ 📜 llm-client.ts TypeScript 418L · 12.8 KB
│ ├─ 📜 lsh.test.ts TypeScript 463L · 15.7 KB
│ ├─ 📜 lsh.ts TypeScript 66L · 1.7 KB
│ ├─ 📋 openclaw.plugin.json JSON 26L · 681 B
│ ├─ 📋 package-lock.json JSON 1353L · 47.5 KB
│ ├─ 📋 package.json JSON 40L · 962 B
│ ├─ 📜 pocv2-e2e-test.ts TypeScript 917L · 32.1 KB
│ ├─ 📜 porter-stemmer.d.ts TypeScript 4L · 143 B
│ ├─ 📝 README.md Markdown 105L · 4.0 KB
│ ├─ 📜 reranker.test.ts TypeScript 594L · 20.7 KB
│ ├─ 📜 reranker.ts TypeScript 537L · 18.1 KB
│ ├─ 📜 semantic-dedup.test.ts TypeScript 392L · 13.5 KB
│ ├─ 📜 semantic-dedup.ts TypeScript 100L · 3.4 KB
│ ├─ 🔧 setup.sh Shell 19L · 531 B
│ ├─ 📜 store-dedup-wiring.test.ts TypeScript 186L · 7.7 KB
│ ├─ 📜 subgraph-search.ts TypeScript 282L · 8.4 KB
│ └─ 📜 subgraph-store.ts TypeScript 445L · 15.5 KB
├─ 📁 src
│ ├─ 📁 extraction
│ │ ├─ 📜 dedup.ts TypeScript 606L · 17.5 KB
│ │ ├─ 📜 extractor.ts TypeScript 659L · 18.3 KB
│ │ ├─ 📜 index.ts TypeScript 54L · 1.0 KB
│ │ └─ 📜 prompts.ts TypeScript 557L · 17.6 KB
│ ├─ 📁 reranker
│ │ └─ 📜 cross-encoder.ts TypeScript 739L · 20.3 KB
│ ├─ 📁 tools
│ │ ├─ 📜 export.ts TypeScript 277L · 7.5 KB
│ │ ├─ 📜 forget.ts TypeScript 141L · 4.0 KB
│ │ ├─ 📜 index.ts TypeScript 106L · 2.8 KB
│ │ ├─ 📜 recall.ts TypeScript 213L · 5.8 KB
│ │ ├─ 📜 remember.ts TypeScript 143L · 3.9 KB
│ │ └─ 📜 status.ts TypeScript 168L · 4.8 KB
│ ├─ 📁 triggers
│ │ ├─ 📜 agent-end.ts TypeScript 376L · 10.6 KB
│ │ ├─ 📜 before-agent-start.ts TypeScript 403L · 12.8 KB
│ │ ├─ 📜 index.ts TypeScript 43L · 1.1 KB
│ │ └─ 📜 pre-compaction.ts TypeScript 463L · 13.0 KB
│ ├─ 📜 config.ts TypeScript 435L · 11.9 KB
│ ├─ 📜 debug.ts TypeScript 35L · 979 B
│ ├─ 📜 index.ts TypeScript 70L · 1.6 KB
│ ├─ 📜 totalreclaw-skill.ts TypeScript 1050L · 30.2 KB
│ └─ 📜 types.ts TypeScript 233L · 5.5 KB
├─ 📁 tests
│ ├─ 📁 extraction
│ │ └─ 📜 host-llm-integration.test.ts TypeScript 200L · 6.9 KB
│ ├─ 📁 fixtures
│ │ └─ 📜 conversations.ts TypeScript 1120L · 34.5 KB
│ ├─ 📁 integration
│ │ ├─ 📜 e2e-flow.test.ts TypeScript 1146L · 31.3 KB
│ │ ├─ 📜 hooks-integration.test.ts TypeScript 1332L · 35.3 KB
│ │ └─ 📜 server-integration.test.ts TypeScript 947L · 26.3 KB
│ ├─ 📜 config.test.ts TypeScript 551L · 16.7 KB
│ ├─ 📜 extraction.test.ts TypeScript 935L · 27.6 KB
│ ├─ 📜 integration.test.ts TypeScript 882L · 23.0 KB
│ ├─ 📜 reranker.test.ts TypeScript 383L · 11.6 KB
│ └─ 📜 tools.test.ts TypeScript 752L · 19.4 KB
├─ 📝 CLAWHUB.md Markdown 134L · 4.6 KB
├─ 📜 jest.config.js JavaScript 16L · 409 B
├─ 📋 package.json JSON 60L · 1.3 KB
├─ 📝 README.md Markdown 436L · 12.2 KB
├─ 📋 skill.json JSON 213L · 6.4 KB
├─ 📝 SKILL.md Markdown 981L · 29.4 KB
└─ 📋 tsconfig.json JSON 21L · 524 B

Dependencies (5 items)

Package | Version | Source | Known Vulns | Notes
onnxruntime-node | ^1.17.0 | npm | No | ONNX runtime for local embedding generation. Version pinned to ^1.17.0.
uuid | ^9.0.0 | npm | No | Standard UUID generation for fact IDs.
@totalreclaw/client | file:../client | local | No | Local workspace dependency, not from registry. Assumed trusted.
jest | ^29.7.0 | npm | No | Dev dependency for testing.
typescript | ^5.3.0 | npm | No | Dev dependency for type checking.

Security Positives

✓ Strong E2EE: AES-256-GCM encryption with client-side key derivation (Argon2id), server never sees plaintext
✓ No credential exfiltration: The recovery phrase is used locally for key derivation only and never transmitted
✓ No shell execution: No subprocess, exec, or shell command invocations in production code
✓ No sensitive path access: Does not read ~/.ssh, ~/.aws, .env, or similar credential paths
✓ No reverse shell, C2, or data exfiltration patterns detected
✓ No eval(), no atob()-based execution, no base64-piped-to-shell patterns
✓ BIP-39 mnemonic format provides a recognizable security boundary (warning about crypto wallet phrases)
✓ Import function only reads user-specified paths declared in the tool call (file_path parameter)
✓ Content fingerprinting uses HMAC-SHA256 keyed with the client-side dedup key, so the server cannot compute or match content fingerprints itself
✓ Tombstone-based deletion with 30-day recovery window
✓ Comprehensive test suite (112 files, 37463 lines) with integration tests
✓ Open source MIT license, repository hosted on github.com/p-diogo/totalreclaw