Back to plugin
Pluginv0.1.0
ClawScan security
SwarmRecall · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 30, 2026, 4:33 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's behavior generally matches a hosted-memory plugin, but the SKILL.md references undeclared environment variables, inconsistent API endpoints, and instructs sending potentially sensitive agent data to a third‑party service — these mismatches and privacy risks merit caution.
- Guidance
- This plugin appears to do what it says (hosted memory and skill tracking) but it will send conversation text, error outputs, and other agent data to a third‑party service. Before installing: verify the service domain and privacy/security practices; prefer creating a limited-scope API key or a dedicated account (not your main credentials); confirm how/where the agent will persist the returned API key and how to revoke it; avoid sending secrets, passwords, private keys, or full command outputs unless you are comfortable with external storage; and clarify the API host mismatch in the README vs SKILL.md. Because SKILL.md references SWARMRECALL_API_KEY but the registry metadata does not declare it, treat the skill as requiring an external credential and review that workflow carefully.
Review Dimensions
- Purpose & Capability
- noteName/description match the instructions: this is a hosted-memory/knowledge/skill tracking plugin and the endpoints and behaviors in SKILL.md align with that purpose. However, the skill metadata declares no required env vars or credentials while SKILL.md relies on SWARMRECALL_API_KEY (and optional SWARMRECALL_API_URL). That undeclared dependency is a mismatch.
- Instruction Scope
- concernInstructions tell the agent to auto-register and to POST conversation memory, error outputs, 'full error output', session summaries, and other agent data to a third‑party API. That is expected for a memory service but expands the agent's data exfiltration surface: error logs and commands can contain secrets or sensitive content. The SKILL.md also instructs saving the returned apiKey for future use. Additionally, there is an inconsistency in referenced API hosts (SKILL.md uses api.swarmrecall.ai; README mentions swarmrecall-api.onrender.com).
- Install Mechanism
- okInstruction-only skill with no install spec or code files; nothing is written to disk by the registry or installer. This is the lower-risk class of skill installs.
- Credentials
- concernMetadata declares no required env vars or primary credential, but the runtime instructions depend on SWARMRECALL_API_KEY and optionally SWARMRECALL_API_URL. The skill instructs creating and persisting an API key returned by the service. The omission of SWARMRECALL_API_KEY from the declared requirements is a discrepancy and prevents upfront review of credential needs. The data the skill expects to send (errors, command outputs, conversation memory) can contain secrets — so granting an API key to this service is a high-privilege decision.
- Persistence & Privilege
- noteThe skill does not request always:true and is user-invocable (defaults). Autonomous invocation is allowed (default). The SKILL.md asks the agent to persist/store the returned apiKey for future requests — storing its own token is expected behavior but increases ongoing access, so consider lifecycle and revocation procedures. No evidence it modifies other skills or system-wide configs.