Project Knowledge Graph
PassAudited by ClawScan on May 8, 2026.
Overview
The skill appears to be a disclosed, local knowledge-indexing tool, but it copies broad project and skill content into a persistent local database that users should review before running.
Before installing or running it, inspect the configured project roots, run the dry-run command, keep the FalkorDB host on localhost, pin the Docker image if you plan to rely on it, and remember that the Docker volume will retain indexed project content until you remove it.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private project notes, plans, architecture docs, and skill instructions may be copied into a persistent local graph and later surfaced in queries.
The skill persistently indexes broad local project and skill content into a queryable knowledge store. This is the core feature, but it can include sensitive or stale context.
Reads project memory files ... across all configured project directories"; "Reads all SKILL.md files under ~/.hermes/skills/"; "Writes to local FalkorDB Docker container
Run the dry-run first, review or edit the project roots, avoid indexing secrets, and purge the Docker volume if you no longer want the data retained.
If the Docker image changes upstream, the code running locally may differ from what was originally reviewed.
The setup depends on an external Docker image and Python package. The Python package is pinned, and the Docker image is disclosed with digest-pinning guidance, but the default Docker command uses a mutable latest tag.
docker run ... falkordb/falkordb:latest" and "pip install falkordb==1.6.1
Pin the FalkorDB Docker image by digest before regular use, and install dependencies from trusted package sources.
The local database can continue running and retaining indexed content after the immediate query or indexing task is finished.
The FalkorDB service and indexed data are designed to persist beyond a single task. This is disclosed and purpose-aligned, but it is long-running local infrastructure.
--restart=unless-stopped ... -v knowledge-graph-data:/data"; "Auto-starts on Docker daemon start ... Data persists in the Docker volume.
Omit the restart flag if you only want manual startup, and use the documented Docker stop/remove/volume removal commands when you want to fully remove the service and data.