Suspicious — Risk Score 50/100
Last scan: 1 day ago
swarmrecall
Persistent memory, knowledge graphs, learnings, skills, and shared pools for AI agents via the SwarmRecall API
Skill functions as a comprehensive data exfiltration mechanism to an external third-party service on free-tier hosting, collecting all agent conversations, errors, and knowledge without clear organizational accountability or enterprise security posture.
Skill Name: swarmrecall
Duration: 46.7s
Engine: pi
Use with caution
Do not use in production environments handling sensitive data. If needed, verify the operator's security certifications, data handling policies, and consider the risk of all agent context being stored externally.

Findings 4 items

Severity: Medium
Finding: Comprehensive agent context exfiltration to third-party (Data Exfil)
Skill transmits all agent conversations, memories, entities, learnings (including error details and command outputs), skills, and session data to an external service on free-tier hosting (onrender.com) with no enterprise security posture.
POST /api/v1/memory with full conversation content, errors, and context
→ Evaluate data sensitivity before use. Consider self-hosted alternatives or local persistence solutions for sensitive workloads.
Location: SKILL.md:1

Severity: Medium
Finding: Self-registration generates and stores API credentials client-side (Credential Theft)
When SWARMRECALL_API_KEY is not set, the skill auto-registers with the external service and saves the returned API key to an environment variable. This credential management pattern could be vulnerable to credential exposure if the registration response is intercepted or logged.
POST https://swarmrecall-api.onrender.com/api/v1/register with { name: '<your-agent-name>' }
→ Use pre-configured API keys rather than self-registration in production environments.
Location: SKILL.md:8

Severity: Low
Finding: Cross-agent shared pools could leak data beyond intended scope (Priv Escalation)
The shared pools feature allows agent data to be accessible to other agents. Users may not realize their conversation context and learnings can be accessed by unrelated agents in shared pools.
poolId field allows writing to shared pools accessible by other agents
→ Clearly inform users when data is being shared to pools. Implement explicit user consent for pool participation.
Location: SKILL.md:225

Severity: Low
Finding: Third-party service on free-tier hosting platform (Supply Chain)
The backend service runs on onrender.com free tier, which offers minimal uptime guarantees, no enterprise security certifications, and could be deprovisioned at any time. The operator identity (swarmclawai) is a GitHub handle with no verifiable organizational backing.
https://swarmrecall-api.onrender.com
→ Verify operator credibility and consider service stability/resilience for production use cases.
Location: SKILL.md:16

Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | NONE | | No filesystem access declared or used in SKILL.md
Network | WRITE | WRITE | ✓ Aligned | All API endpoints clearly declared to swarmrecall-api.onrender.com
Environment | READ/WRITE | READ/WRITE | ✓ Aligned | Reads SWARMRECALL_API_KEY; writes to SWARMRECALL_API_KEY and SWARMRECALL_API_URL

3 findings
Medium External URL
https://www.swarmrecall.ai
SKILL.md:14
Medium External URL
https://swarmrecall-api.onrender.com/api/v1/register
SKILL.md:29
Medium External URL
https://swarmrecall-api.onrender.com
SKILL.md:46

File Tree

1 files · 13.0 KB · 445 lines
Markdown 1f · 445L
└─ 📝 SKILL.md Markdown 445L · 13.0 KB

Security Positives

✓ Documentation clearly declares network access to external API - no hidden behavior
✓ Credential handling guidance explicitly states not to write API keys to disk
✓ Privacy policy mentions user consent before storing personal information
✓ Data isolation by owner ID and agent ID is documented
✓ HTTPS is mandated for all data transmission
✓ No filesystem, shell, or other sensitive resource access declared or used