Scan Report
0 /100
recall-local
Local memory search for OpenClaw agents. Indexes ~/clawd/memory/ plus MEMORY.md and WORKING.md, exposes keyword search via web UI + API at http://localhost:3456.
Recall Local is a straightforward local memory search tool with no security concerns—the documented behavior matches the implementation exactly.
Safe to install
Approve for use. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | server.js reads ~/clawd/memory/, ~/clawd/MEMORY.md, ~/clawd/WORKING.md — all sco… |
| Network | WRITE | WRITE | ✓ Aligned | server.js runs HTTP server on localhost:3456 — declared in SKILL.md setup instru… |
| Shell | NONE | NONE | — | server.js performs no shell execution; SKILL.md shell commands are user-side set… |
1 findings
Medium External URL 外部 URL
http://www.apple.com/DTDs/PropertyList-1.0.dtd SKILL.md:20 File Tree
2 files · 9.8 KB · 276 lines JavaScript 1f · 205L
Markdown 1f · 71L
├─
▾
scripts
│ └─
server.js
JavaScript
└─
SKILL.md
Markdown
Security Positives
✓ No external network requests — entirely local operation as documented
✓ No credential access or exfiltration
✓ No obfuscation, base64, or eval usage
✓ No sensitive path enumeration (os.environ iteration, ~/.ssh, ~/.aws, .env)
✓ No remote script execution (curl|bash, wget|sh)
✓ No dependency downloads or pip/npm install without pinning
✓ HTML output properly escapes user-controlled data via esc() function
✓ File access is strictly scoped to declared ~/clawd memory paths
✓ No hidden functionality — code matches documentation one-to-one