Suspicious: risk score 50/100
Last scanned: 1 day ago
swarmrecall
Persistent memory, knowledge graphs, learnings, skills, and shared pools for AI agents via the SwarmRecall API
Skill functions as a comprehensive data exfiltration mechanism to an external third-party service on free-tier hosting, collecting all agent conversations, errors, and knowledge without clear organizational accountability or enterprise security posture.
Skill name: swarmrecall
Analysis time: 46.7s
Engine: pi
Use with caution
Do not use in production environments handling sensitive data. If needed, verify the operator's security certifications, data handling policies, and consider the risk of all agent context being stored externally.

Security findings: 4

Severity | Finding | Location
Medium
Comprehensive agent context exfiltration to third party (Data exfiltration)
Skill transmits all agent conversations, memories, entities, learnings (including error details and command outputs), skills, and session data to an external service on free-tier hosting (onrender.com) with no enterprise security posture.
POST /api/v1/memory with full conversation content, errors, and context
→ Evaluate data sensitivity before use. Consider self-hosted alternatives or local persistence solutions for sensitive workloads.
SKILL.md:1
Medium
Self-registration generates and stores API credentials client-side (Credential theft)
When SWARMRECALL_API_KEY is not set, the skill auto-registers with the external service and saves the returned API key to an environment variable. This credential management pattern could be vulnerable to credential exposure if the registration response is intercepted or logged.
POST https://swarmrecall-api.onrender.com/api/v1/register with { name: '<your-agent-name>' }
→ Use pre-configured API keys rather than self-registration in production environments.
SKILL.md:8
Low
Cross-agent shared pools could leak data beyond intended scope (Privilege escalation)
The shared pools feature allows agent data to be accessible to other agents. Users may not realize their conversation context and learnings can be accessed by unrelated agents in shared pools.
poolId field allows writing to shared pools accessible by other agents
→ Clearly inform users when data is being shared to pools. Implement explicit user consent for pool participation.
SKILL.md:225
Low
Third-party service on free-tier hosting platform (Supply chain)
The backend service runs on onrender.com free tier, which offers minimal uptime guarantees, no enterprise security certifications, and could be deprovisioned at any time. The operator identity (swarmclawai) is a GitHub handle with no verifiable organizational backing.
https://swarmrecall-api.onrender.com
→ Verify operator credibility and consider service stability/resilience for production use cases.
SKILL.md:16
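| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | | No filesystem access declared or used in SKILL.md |
| Network access | WRITE | WRITE | ✓ Consistent | All API endpoints clearly declared to swarmrecall-api.onrender.com |
| Environment variables | READ/WRITE | READ/WRITE | ✓ Consistent | Reads SWARMRECALL_API_KEY; writes to SWARMRECALL_API_KEY and SWARMRECALL_API_URL |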
3 findings
Medium: External URL
https://www.swarmrecall.ai
SKILL.md:14
Medium: External URL
https://swarmrecall-api.onrender.com/api/v1/register
SKILL.md:29
Medium: External URL
https://swarmrecall-api.onrender.com
SKILL.md:46

Directory structure

1 file · 13.0 KB · 445 lines
Markdown 1f · 445L
└─ 📝 SKILL.md Markdown 445L · 13.0 KB

Security highlights

✓ Documentation clearly declares network access to external API - no hidden behavior
✓ Credential handling guidance explicitly states not to write API keys to disk
✓ Privacy policy mentions user consent before storing personal information
✓ Data isolation by owner ID and agent ID is documented
✓ HTTPS is mandated for all data transmission
✓ No filesystem, shell, or other sensitive resource access declared or used