Project Knowledge Graph

Advisory

Audited by Static analysis on May 8, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private project notes, plans, architecture docs, and skill instructions may be copied into a persistent local graph and later surfaced in queries.

Why it was flagged

The skill persistently indexes broad local project and skill content into a queryable knowledge store. This is the core feature, but it can include sensitive or stale context.

Skill content

"Reads project memory files ... across all configured project directories"; "Reads all SKILL.md files under ~/.hermes/skills/"; "Writes to local FalkorDB Docker container"

Recommendation

Run the dry-run first, review or edit the project roots, avoid indexing secrets, and purge the Docker volume if you no longer want the data retained.

What this means

If the Docker image changes upstream, the code running locally may differ from what was originally reviewed.

Why it was flagged

The setup depends on an external Docker image and Python package. The Python package is pinned, and the Docker image is disclosed with digest-pinning guidance, but the default Docker command uses a mutable latest tag.

Skill content

"docker run ... falkordb/falkordb:latest" and "pip install falkordb==1.6.1"

Recommendation

Pin the FalkorDB Docker image by digest before regular use, and install dependencies from trusted package sources.

Note (High Confidence)

ASI10: Rogue Agents

What this means

The local database can continue running and retaining indexed content after the immediate query or indexing task is finished.

Why it was flagged

The FalkorDB service and indexed data are designed to persist beyond a single task. This is disclosed and purpose-aligned, but it is long-running local infrastructure.

Skill content

"--restart=unless-stopped ... -v knowledge-graph-data:/data"; "Auto-starts on Docker daemon start ... Data persists in the Docker volume."

Recommendation

Omit the restart flag if you only want manual startup, and use the documented Docker stop/remove/volume removal commands when you want to fully remove the service and data.