Trusted — Risk Score 5/100
Last scan: 1 day ago
totalreclaw
End-to-end encrypted memory vault for AI agents with AES-256-GCM
TotalReclaw is a legitimate end-to-end encrypted memory plugin for AI agents with no malicious indicators. All pre-scan base64 flags are standard cryptographic encoding operations, hardcoded credentials exist only in test files, and all functionality is properly declared in SKILL.md.
Skill Name: totalreclaw
Duration: 76.1s
Engine: pi
Safe to install
No action needed. The skill is safe to use.

Findings 2 items

Severity | Finding | Category | Location
Low | SKILL.md does not declare TOTALRECLAW_RECOVERY_PHRASE env var | Doc Mismatch | SKILL.md:1
  The plugin requires TOTALRECLAW_RECOVERY_PHRASE (a BIP-39 mnemonic) but SKILL.md's openclaw.requires.env is empty. This is a minor documentation gap, though the recovery phrase flow is documented in the Post-Install Setup section.
  "requires": { "env": [] }
  → Add TOTALRECLAW_RECOVERY_PHRASE to the openclaw.requires.env array in SKILL.md
Low | @huggingface/transformers unpinned to minor/patch | Supply Chain | plugin/package.json:1
  plugin/package.json specifies "^3.8.1" which could install incompatible versions.
  "@huggingface/transformers": "^3.8.1"
  → Pin to exact version or minor: "3.8.1"
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | READ+WRITE | ✓ Aligned | plugin/index.ts:200 — CREDENTIALS_PATH, billing cache, MEMORY.md header manageme…
Network | NONE | READ+WRITE | ✓ Aligned | plugin/api-client.ts — JSON/HTTP to api.totalreclaw.xyz; plugin/subgraph-store.t…
Shell | NONE | NONE | | No subprocess, exec, or spawn calls found in production plugin code
Environment | NONE | READ | ✓ Aligned | plugin/llm-client.ts:160-200 — reads provider API keys (ZAI_API_KEY, OPENAI_API_…
Skill Invoke | NONE | NONE | | No dynamic skill invocation
Clipboard | NONE | NONE | | No clipboard access
Browser | NONE | NONE | | No browser automation
Database | NONE | NONE | | No direct database access — encrypted facts stored via API or on-chain
Pre-scan Flags 50 findings (5 Critical, 5 High, 40 Medium)

🔒 Critical · Encoded Execution · Base64 encoded execution (code obfuscation)
   Buffer.from(creds.salt, 'base64'   (plugin/index.ts:366)
🔒 Critical · Encoded Execution · Base64 encoded execution (code obfuscation)
   Buffer.from(b64, 'base64'   (plugin/index.ts:724)
🔒 Critical · Encoded Execution · Base64 encoded execution (code obfuscation)
   Buffer.from(encryptedBase64, 'base64'   (plugin/pocv2-e2e-test.ts:141)
🔒 Critical · Encoded Execution · Base64 encoded execution (code obfuscation)
   Buffer.from(record.data, 'base64'   (src/tools/export.ts:260)
🔒 Critical · Encoded Execution · Base64 encoded execution (code obfuscation)
   Buffer.from(response.body.salt, 'base64'   (tests/integration/server-integration.test.ts:360)
🔑 High · API Key · Suspected hardcoded credential
   Password = 'pocv2-e2e-test-password-2026'   (plugin/pocv2-e2e-test.ts:401)
🔑 High · API Key · Suspected hardcoded credential
   Password: 'my-secure-password'   (src/index.ts:13)
🔑 High · API Key · Suspected hardcoded credential
   Password: 'test-password-123'   (tests/integration/e2e-flow.test.ts:281)
🔑 High · API Key · Suspected hardcoded credential
   Password: 'new-user-password'   (tests/integration/e2e-flow.test.ts:348)
🔑 High · API Key · Suspected hardcoded credential
   Password: 'existing-password'   (tests/integration/e2e-flow.test.ts:361)
🔗 Medium · External URL · https://clawhub.ai   (CLAWHUB.md:3)
🔗 Medium · External URL · https://clawhub.ai/skills/totalreclaw   (CLAWHUB.md:10)
🔗 Medium · External URL · https://totalreclaw.xyz   (CLAWHUB.md:67)
🔗 Medium · External URL · http://your-totalreclaw-server:8080   (README.md:26)
🔗 Medium · External URL · http://127.0.0.1:8080   (README.md:246)
🔗 Medium · External URL · http://your-server:8080   (README.md:273)
🔗 Medium · External URL · https://www.npmjs.com/package/@totalreclaw/core   (README.md:313)
🔗 Medium · External URL · https://totalreclaw.xyz/pricing   (SKILL.md:221)
🔗 Medium · External URL · https://checkout.stripe.com/c/pay/...   (SKILL.md:280)
🔗 Medium · External URL · https://api.totalreclaw.xyz   (SKILL.md:877)
🔗 Medium · External URL · https://www.npmjs.com/package/@totalreclaw/totalreclaw   (plugin/README.md:13)
🔗 Medium · External URL · https://img.shields.io/npm/v/@totalreclaw/totalreclaw?color=7B5CFF   (plugin/README.md:18)
🔗 Medium · External URL · https://img.shields.io/npm/dm/@totalreclaw/totalreclaw   (plugin/README.md:19)
🔗 Medium · External URL · https://img.shields.io/badge/license-MIT-blue   (plugin/README.md:20)
🔗 Medium · External URL · https://openclaw.ai   (plugin/README.md:25)
🔗 Medium · External URL · https://www.npmjs.com/package/@totalreclaw/mcp-server   (plugin/README.md:92)
🔗 Medium · External URL · https://api.mem0.ai   (plugin/import-adapters/mem0-adapter.ts:156)
🔗 Medium · External URL · https://api.z.ai/api/paas/v4   (plugin/llm-client.ts:64)
🔗 Medium · External URL · https://api.mistral.ai/v1   (plugin/llm-client.ts:69)
🔗 Medium · External URL · https://api.groq.com/openai/v1   (plugin/llm-client.ts:70)
🔗 Medium · External URL · https://api.deepseek.com/v1   (plugin/llm-client.ts:71)
🔗 Medium · External URL · https://openrouter.ai/api/v1   (plugin/llm-client.ts:72)
🔗 Medium · External URL · https://api.x.ai/v1   (plugin/llm-client.ts:73)
🔗 Medium · External URL · https://api.together.xyz/v1   (plugin/llm-client.ts:74)
🔗 Medium · External URL · https://api.cerebras.ai/v1   (plugin/llm-client.ts:75)
🔗 Medium · External URL · https://opencollective.com/libvips   (plugin/package-lock.json:88)
🔗 Medium · External URL · https://paulmillr.com/funding/   (plugin/package-lock.json:549)
🔗 Medium · External URL · https://www.npmjs.com/support   (plugin/package-lock.json:750)
💰 Medium · Wallet Address · Cryptocurrency wallet address · 0xC445af1D4EB9fce4e1E61fE96ea7B8feBF03c5ca   (plugin/subgraph-store.ts:26)
💰 Medium · Wallet Address · Cryptocurrency wallet address · 0x0000000071727De22E5E9d8BAf0edAc6f37da032   (plugin/subgraph-store.ts:29)
🔗 Medium · External URL · http://custom-server:9000   (tests/config.test.ts:61)
🔗 Medium · External URL · https://secure.example.com   (tests/config.test.ts:74)
🔗 Medium · External URL · http://openclaw-memory:8080   (tests/config.test.ts:105)
🔗 Medium · External URL · http://env-server:8888   (tests/config.test.ts:134)
🔗 Medium · External URL · http://env-server   (tests/config.test.ts:218)
🔗 Medium · External URL · http://override-server   (tests/config.test.ts:219)
🔗 Medium · External URL · http://openclaw-server   (tests/config.test.ts:234)
🔗 Medium · External URL · http://insecure.com   (tests/config.test.ts:315)
🔗 Medium · External URL · http://custom:9000   (tests/config.test.ts:501)
🔗 Medium · External URL · http://nonexistent-server:9999   (tests/tools.test.ts:649)

File Tree

72 files · 956.7 KB · 30361 lines
TypeScript 60 files · 26957 lines; JSON 6 files · 1713 lines; Markdown 4 files · 1656 lines; Shell 1 file · 19 lines; JavaScript 1 file · 16 lines
├─ 📁 plugin
│ ├─ 📁 import-adapters
│ │ ├─ 📜 base-adapter.ts TypeScript 92L · 2.6 KB
│ │ ├─ 📜 chatgpt-adapter.ts TypeScript 323L · 10.2 KB
│ │ ├─ 📜 claude-adapter.ts TypeScript 146L · 4.4 KB
│ │ ├─ 📜 import-adapters.test.ts TypeScript 1123L · 43.7 KB
│ │ ├─ 📜 index.ts TypeScript 28L · 1.1 KB
│ │ ├─ 📜 mcp-memory-adapter.ts TypeScript 276L · 7.9 KB
│ │ ├─ 📜 mem0-adapter.ts TypeScript 233L · 6.2 KB
│ │ └─ 📜 types.ts TypeScript 112L · 3.6 KB
│ ├─ 📜 api-client.ts TypeScript 328L · 10.3 KB
│ ├─ 📜 consolidation.test.ts TypeScript 356L · 12.1 KB
│ ├─ 📜 consolidation.ts TypeScript 227L · 7.5 KB
│ ├─ 📜 crypto.ts TypeScript 224L · 8.0 KB
│ ├─ 📜 embedding.ts TypeScript 75L · 2.8 KB
│ ├─ 📜 extractor-dedup.test.ts TypeScript 168L · 5.9 KB
│ ├─ 📜 extractor.ts TypeScript 365L · 13.3 KB
│ ├─ 📜 generate-mnemonic.ts TypeScript 14L · 573 B
│ ├─ 📜 hot-cache-wrapper.ts TypeScript 126L · 4.3 KB
│ ├─ 📜 index.ts TypeScript 3318L · 130.5 KB
│ ├─ 📜 llm-client.ts TypeScript 418L · 12.8 KB
│ ├─ 📜 lsh.test.ts TypeScript 463L · 15.7 KB
│ ├─ 📜 lsh.ts TypeScript 66L · 1.7 KB
│ ├─ 📋 openclaw.plugin.json JSON 26L · 681 B
│ ├─ 📋 package-lock.json JSON 1353L · 47.5 KB
│ ├─ 📋 package.json JSON 40L · 962 B
│ ├─ 📜 pocv2-e2e-test.ts TypeScript 917L · 32.1 KB
│ ├─ 📜 porter-stemmer.d.ts TypeScript 4L · 143 B
│ ├─ 📝 README.md Markdown 105L · 4.0 KB
│ ├─ 📜 reranker.test.ts TypeScript 594L · 20.7 KB
│ ├─ 📜 reranker.ts TypeScript 537L · 18.1 KB
│ ├─ 📜 semantic-dedup.test.ts TypeScript 392L · 13.5 KB
│ ├─ 📜 semantic-dedup.ts TypeScript 100L · 3.4 KB
│ ├─ 🔧 setup.sh Shell 19L · 531 B
│ ├─ 📜 store-dedup-wiring.test.ts TypeScript 186L · 7.7 KB
│ ├─ 📜 subgraph-search.ts TypeScript 282L · 8.4 KB
│ └─ 📜 subgraph-store.ts TypeScript 445L · 15.5 KB
├─ 📁 src
│ ├─ 📁 extraction
│ │ ├─ 📜 dedup.ts TypeScript 606L · 17.5 KB
│ │ ├─ 📜 extractor.ts TypeScript 659L · 18.3 KB
│ │ ├─ 📜 index.ts TypeScript 54L · 1.0 KB
│ │ └─ 📜 prompts.ts TypeScript 557L · 17.6 KB
│ ├─ 📁 reranker
│ │ └─ 📜 cross-encoder.ts TypeScript 739L · 20.3 KB
│ ├─ 📁 tools
│ │ ├─ 📜 export.ts TypeScript 277L · 7.5 KB
│ │ ├─ 📜 forget.ts TypeScript 141L · 4.0 KB
│ │ ├─ 📜 index.ts TypeScript 106L · 2.8 KB
│ │ ├─ 📜 recall.ts TypeScript 213L · 5.8 KB
│ │ ├─ 📜 remember.ts TypeScript 143L · 3.9 KB
│ │ └─ 📜 status.ts TypeScript 168L · 4.8 KB
│ ├─ 📁 triggers
│ │ ├─ 📜 agent-end.ts TypeScript 376L · 10.6 KB
│ │ ├─ 📜 before-agent-start.ts TypeScript 403L · 12.8 KB
│ │ ├─ 📜 index.ts TypeScript 43L · 1.1 KB
│ │ └─ 📜 pre-compaction.ts TypeScript 463L · 13.0 KB
│ ├─ 📜 config.ts TypeScript 435L · 11.9 KB
│ ├─ 📜 debug.ts TypeScript 35L · 979 B
│ ├─ 📜 index.ts TypeScript 70L · 1.6 KB
│ ├─ 📜 totalreclaw-skill.ts TypeScript 1050L · 30.2 KB
│ └─ 📜 types.ts TypeScript 233L · 5.5 KB
├─ 📁 tests
│ ├─ 📁 extraction
│ │ └─ 📜 host-llm-integration.test.ts TypeScript 200L · 6.9 KB
│ ├─ 📁 fixtures
│ │ └─ 📜 conversations.ts TypeScript 1120L · 34.5 KB
│ ├─ 📁 integration
│ │ ├─ 📜 e2e-flow.test.ts TypeScript 1146L · 31.3 KB
│ │ ├─ 📜 hooks-integration.test.ts TypeScript 1332L · 35.3 KB
│ │ └─ 📜 server-integration.test.ts TypeScript 947L · 26.3 KB
│ ├─ 📜 config.test.ts TypeScript 551L · 16.7 KB
│ ├─ 📜 extraction.test.ts TypeScript 935L · 27.6 KB
│ ├─ 📜 integration.test.ts TypeScript 882L · 23.0 KB
│ ├─ 📜 reranker.test.ts TypeScript 383L · 11.6 KB
│ └─ 📜 tools.test.ts TypeScript 752L · 19.4 KB
├─ 📝 CLAWHUB.md Markdown 134L · 4.6 KB
├─ 📜 jest.config.js JavaScript 16L · 409 B
├─ 📋 package.json JSON 60L · 1.3 KB
├─ 📝 README.md Markdown 436L · 12.2 KB
├─ 📋 skill.json JSON 213L · 6.4 KB
├─ 📝 SKILL.md Markdown 981L · 29.4 KB
└─ 📋 tsconfig.json JSON 21L · 524 B

Dependencies 6 items

Package | Version | Source | Known Vulns | Notes
@huggingface/transformers | ^3.8.1 | npm | No | Version range ^3.8.1 not pinned
@noble/hashes | ^2.0.1 | npm | No | BIP-39 / Argon2id crypto library
@scure/bip39 | ^2.0.1 | npm | No | BIP-39 wordlist and mnemonic validation
permissionless | ^0.3.4 | npm | No | ERC-4337 UserOp bundler client
viem | ^2.46.3 | npm | No | Ethereum library for on-chain interactions
@totalreclaw/core | ^0.1.0 | npm | No | WASM crypto module (local, no network)

Security Positives

✓ Client-side AES-256-GCM encryption — server never sees plaintext
✓ BIP-39 mnemonic (recovery phrase) derives all keys locally via WASM
✓ LSH + embedding-based semantic search preserves E2EE
✓ Credentials stored at ~/.totalreclaw/ only — no credential exfiltration
✓ LLM API keys used only for in-process extraction calls, never transmitted externally
✓ No shell execution, no subprocess, no eval in production code
✓ No access to ~/.ssh, ~/.aws, or other sensitive host paths
✓ Subgraph mode uses ERC-4337 Smart Accounts — no private key management needed
✓ All tools (remember, recall, forget, export, import_from, etc.) fully declared in SKILL.md
✓ Import adapters support dry_run=true preview by default