Plugin
by Pedro Diogo · GitHub · v3.3.2 · MIT-0
881 Downloads · 0 Stars · 0 Active Installs · 69 Versions
Install in OpenClaw: /install totalreclaw
Description
Install + set up TotalReclaw encrypted memory for OpenClaw, then use totalreclaw_remember / totalreclaw_recall. Trigger on 'install TotalReclaw', 'set up Tot...
Usage Guidance
What to check before installing:
1) Review the external setup page(s) the SKILL.md tells the agent to fetch (the GitHub 'openclaw-setup.md' and https://totalreclaw.xyz). Do NOT let the agent autonomously fetch and act on external 'agent-instructions' until you’ve read them — they can contain instructions that change agent behavior. If you must automate setup, manually fetch and audit that page first.
2) Inspect lifecycle/postinstall scripts (postinstall.mjs / setup.sh) in the package for any unexpected filesystem or network operations before running them. The package includes postinstall logic; make sure it only validates deps and does not exfiltrate secrets.
3) Confirm recovery-phrase handling: the SKILL.md stresses never to paste or echo recovery phrases in chat. Ensure your agent or CLI will not log stdin/stdout containing the phrase. Prefer the QR/pairing flow the SKILL.md prescribes.
4) Verify where data will be written and which endpoints are contacted: expect writes to ~/.totalreclaw and extension dirs and outbound calls to api.totalreclaw.xyz (relay). If you need to self-host, set TOTALRECLAW_SERVER_URL and review the server code.
5) If you cannot review the external documents or postinstall scripts, or if you want to limit risk, install manually via your OpenClaw UI/CLI without giving the agent shell access, and keep the agent from auto-fetching remote instructions.
Why I called this 'suspicious': the package content and tooling are coherent with an encrypted-memory plugin, but the SKILL.md's instruction to fetch and 'follow' external agent-directed instructions is a prompt-injection pattern that materially increases risk unless those external instructions are audited. If you can confirm the external docs are benign and postinstall scripts only validate dependencies, confidence would rise and the skill would appear benign.
Capability Analysis
Type: OpenClaw Skill
Name: totalreclaw
Version: 3.3.2
The skill bundle implements a sophisticated end-to-end encrypted (E2EE) memory vault for OpenClaw agents. It demonstrates high security standards, particularly through its 'phrase-safety' architecture, which ensures that BIP-39 recovery phrases are handled only in the user's terminal or an encrypted browser session, never entering the LLM's context. The bundle includes lazy-loading logic for an ONNX embedding model from GitHub (embedder-loader.ts) with SHA-256 integrity verification. While the code intentionally isolates file system operations (fs-helpers.ts) from network calls (api-client.ts) to bypass OpenClaw's static analysis scanner, the documentation and code comments transparently explain this as a measure to avoid false positives. The logic is consistent with the stated purpose of providing a private, portable memory store.
Capability Assessment
Purpose & Capability
Name/description, code files, and API client all align with an OpenClaw memory plugin that talks to a TotalReclaw relay (api.totalreclaw.xyz) and exposes remember/recall/forget/export tools. The package contains runtime code, lifecycle hooks, and client/server interactions consistent with the stated purpose. Minor mismatch: registry metadata declares no required env vars, but README and code reference optional envs (TOTALRECLAW_RECOVERY_PHRASE, TOTALRECLAW_SERVER_URL, QA/SESSION envs). This is plausible (they are optional) but should be documented in registry metadata for transparency.
Instruction Scope
SKILL.md instructs the agent to run shell install commands (openclaw skills/plugins install), check and write files under home (e.g., ~/.totalreclaw/credentials.json, extension manifest files), decode base64 QR payloads to tempfiles, and — importantly — to fetch and 'follow its agent-instructions section' from an external URL (https://github.com/.../openclaw-setup.md). Asking the agent to fetch and follow arbitrary external 'agent-instructions' is a prompt-injection risk: the fetched content could contain instructions that override or broaden agent behavior. The SKILL.md does include safe guidance (explicit prohibition on echoing recovery phrases and PIN logging), but the external-fetch instruction is the main scope creep / risk.
Install Mechanism
No install spec in registry; SKILL.md expects the agent to call OpenClaw CLI (openclaw skills/plugins install) or instruct the user to install via the service UI. The package contains postinstall.mjs and setup scripts (present in the code manifest), but there are no downloads from arbitrary personal URLs. Files appear to be from a normal package—no suspicious URL download/extract patterns were found in the provided manifest. Still: postinstall lifecycle behavior should be reviewed (postinstall.mjs is mentioned in CHANGELOG) before running in a privileged environment.
Credentials
The registry lists no required env vars (none mandatory). The code and README reference optional environment variables (e.g., TOTALRECLAW_RECOVERY_PHRASE, TOTALRECLAW_SERVER_URL, TOTALRECLAW_QA_REPO, TOTALRECLAW_SESSION_ID). Those are reasonable for a memory client that can be self-hosted or configured, but the registry metadata omissions make this less transparent. There are no undeclared credentials that would be unexpected for the stated purpose.
Persistence & Privilege
always:false (not force-included). The plugin declares lifecycle hooks (before_agent_start, agent_end, pre_compaction) and writes state under extension and user home directories (expected for a memory plugin). It does not request to modify other skills or system-wide agent configs beyond its own manifests. Autonomous invocation is enabled by default; combined with the instruction-scope issue (external fetch), that increases the blast radius but does not by itself make the skill malicious.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install totalreclaw
- After installation, invoke the skill by name or use /totalreclaw
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.3.2
Release 3.3.2 (promoted from RC) -- see https://github.com/p-diogo/totalreclaw/releases/tag/v3.3.2
v3.3.2-rc.4
Release candidate 3.3.2-rc.4 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.2-rc.3
Release candidate 3.3.2-rc.3 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.2-rc.2
Release candidate 3.3.2-rc.2 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.2-rc.1
Release candidate 3.3.2-rc.1 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.1-rc.22
Release candidate 3.3.1-rc.22 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.1
Release 3.3.1 -- see https://github.com/p-diogo/totalreclaw/releases/tag/v3.3.1
v3.3.1-rc.21
Release candidate 3.3.1-rc.21 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.1-rc.20
Release candidate 3.3.1-rc.20 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.1-rc.19
Release candidate 3.3.1-rc.19 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.1-rc.18
Release candidate 3.3.1-rc.18 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.1-rc.17
Release candidate 3.3.1-rc.17 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.1-rc.14
Release candidate 3.3.1-rc.14 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.1-rc.13
Release candidate 3.3.1-rc.13 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.1-rc.12
Release candidate 3.3.1-rc.12 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.1-rc.11
Release candidate 3.3.1-rc.11 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.1-rc.10
Release candidate 3.3.1-rc.10 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.1-rc.9
Release candidate 3.3.1-rc.9 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.1-rc.8
Release candidate 3.3.1-rc.8 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
v3.3.1-rc.7
Release candidate 3.3.1-rc.7 -- testing build, not recommended for production. See https://github.com/p-diogo/totalreclaw/releases
Frequently Asked Questions
What is Plugin?
Install + set up TotalReclaw encrypted memory for OpenClaw, then use totalreclaw_remember / totalreclaw_recall. Trigger on 'install TotalReclaw', 'set up Tot... It is an AI Agent Skill for Claude Code / OpenClaw, with 881 downloads so far.
How do I install Plugin?
Run "/install totalreclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Plugin free?
Yes, Plugin is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Plugin support?
Plugin is cross-platform and runs anywhere OpenClaw / Claude Code is available (macOS, Linux, Windows).
Who created Plugin?
It is built and maintained by Pedro Diogo (@p-diogo); the current version is v3.3.2.