Company Brain Core OS
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill’s goal is coherent, but its setup path can download and run unreviewed external code and dependencies despite being presented as local and having no declared requirements.
Review the install script before running it, especially the Bun installer, GitHub clone, and pip dependency installation. Install in a sandbox or trusted environment, and do not rely on the advertised “zero hallucination” claims without verifying important outputs.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may execute code that was not reviewed in these artifacts, so the real installed behavior could differ from the package under evaluation.
The installer depends on remote code and dependency files that are not included in the reviewed package, with no pinned commit, checksum, or lockfile shown.
curl -fsSL https://bun.sh/install | bash ... git clone --depth 1 https://github.com/CertainLogicAI/company-brain-os.git "$INSTALL_DIR" ... pip3 install -q -r "$INSTALL_DIR/requirements.txt"
Only install if you trust the author and upstream sources; prefer a packaged, pinned release with checksums and reviewed dependency lockfiles.
A compromised or changed remote installer could run arbitrary commands on the user's machine during installation.
If Bun is missing, the installer pipes a downloaded shell script directly into bash during setup.
if ! command -v bun &> /dev/null; then ... curl -fsSL https://bun.sh/install | bash
Avoid curl-to-bash installers; download, inspect, verify, and pin installer versions before execution, ideally inside a sandbox.
Incorrect or sensitive facts added to the local brain may persist and influence future agent answers.
The skill is designed to store and reuse facts/corrections as persistent agent knowledge.
**Self-improving** | Add facts via markdown files, brain auto-learns ... `proactive` → WAL writes to brain for persistence
Review what is added to the knowledge base, avoid storing secrets or sensitive personal data, and keep a clear way to edit or delete persisted facts.
Users or agents may over-trust answers from the knowledge base without independently checking important facts.
The artifacts make absolute reliability claims that are not substantiated by the bundled files.
100% verifiable ... No hallucinations ... Zero hallucinations. Every answer backed by stored knowledge.
Treat the knowledge base as a helpful local source, not a guarantee of correctness; validate important outputs.