Plugin

Install + set up TotalReclaw encrypted memory for OpenClaw, then use totalreclaw_remember / totalreclaw_recall. Trigger on 'install TotalReclaw', 'set up Tot...

What to check before installing: 1) Review the external setup page(s) the SKILL.md tells the agent to fetch (the GitHub 'openclaw-setup.md' and https://totalreclaw.xyz). Do NOT let the agent autonomously fetch and act on external 'agent-instructions' until you’ve read them — they can contain instructions that change agent behavior. If you must automate setup, manually fetch and audit that page first. 2) Inspect lifecycle/postinstall scripts (postinstall.mjs / setup.sh) in the package for any unexpected filesystem or network operations before running them. The package includes postinstall logic; make sure it only validates deps and does not exfiltrate secrets. 3) Confirm recovery-phrase handling: the SKILL.md stresses never to paste or echo recovery phrases in chat. Ensure your agent or CLI will not log stdin/stdout containing the phrase. Prefer the QR/pairing flow the SKILL.md prescribes. 4) Verify where data will be written and which endpoints are contacted: expect writes to ~/.totalreclaw and extension dirs and outbound calls to api.totalreclaw.xyz (relay). If you need to self-host, set TOTALRECLAW_SERVER_URL and review the server code. 5) If you cannot review the external documents or postinstall scripts, or if you want to limit risk, install manually via your OpenClaw UI/CLI without giving the agent shell access, and keep the agent from auto-fetching remote instructions. Why I called this 'suspicious': the package content and tooling are coherent with an encrypted-memory plugin, but the SKILL.md's instruction to fetch and 'follow' external agent-directed instructions is a prompt-injection pattern that materially increases risk unless those external instructions are audited. If you can confirm the external docs are benign and postinstall scripts only validate dependencies, confidence would rise and the skill would appear benign.

Type: OpenClaw Skill Name: totalreclaw Version: 3.3.2 The skill bundle implements a sophisticated end-to-end encrypted (E2EE) memory vault for OpenClaw agents. It demonstrates high security standards, particularly through its 'phrase-safety' architecture, which ensures that BIP-39 recovery phrases are handled only in the user's terminal or an encrypted browser session, never entering the LLM's context. The bundle includes lazy-loading logic for an ONNX embedding model from GitHub (embedder-loader.ts) with SHA-256 integrity verification. While the code intentionally isolates file system operations (fs-helpers.ts) from network calls (api-client.ts) to bypass OpenClaw's static analysis scanner, the documentation and code comments transparently explain this as a measure to avoid false positives. The logic is consistent with the stated purpose of providing a private, portable memory store.