BrainDB

Review

Audited by ClawScan on May 10, 2026.

Overview

BrainDB appears to be a coherent local memory plugin, but its automatic long-term capture and inconsistent migration privacy wording could retain or send private workspace data in ways users should review first.

Review install.sh, docker-compose.yml, and migrate.cjs before installing. If you use BrainDB, treat it as durable local memory for your agent, avoid putting secrets into conversations, enable the optional API key if appropriate, and run migration only with an explicit local-only option such as --no-swarm unless you intentionally want Gemini/swarm processing.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private conversation details, preferences, project facts, and some tool outcomes may persist after session resets and affect future agent behavior.

Why it was flagged

The skill is explicitly designed to persist and reuse personal and work context across sessions. That is purpose-aligned, but it means sensitive facts may be stored and later injected automatically.

Skill content

automatically captures important context from conversations and recalls it when relevant — who you are, what you're working on, what you've told it before. ... No commands. No manual saving. It just works.

Recommendation

Install only if you want durable agent memory. Review what is captured, add deletion/export/retention practices, and avoid sharing secrets with the agent unless you are comfortable with them being remembered locally.

What this means

Workspace files or memory notes could be sent to Gemini/swarm workers during migration if the ambiguous default path is used.

Why it was flagged

The same documentation says swarm/Gemini upload is opt-in, but the normal import command is described as using swarm if available. That makes the external-provider data boundary unclear for workspace file migration.

Skill content

Migration with swarm: Sends file contents to Google's Gemini API ... opt-in only ... node migrate.cjs /path/to/workspace           # Import (uses swarm if available)

Recommendation

Run migration previews first and use an explicit local-only command such as --no-swarm. The publisher should make swarm use an explicit prompt/flag and align all documentation.

What this means

A user may trust the installer's local-only statement and unintentionally run a migration path with unclear external API behavior.

Why it was flagged

The installer labels --migrate as local-only but invokes the default migration command without an explicit --no-swarm safeguard, despite other provided instructions saying the default import may use swarm if available.

Skill content

echo "   Migrating (local-only, no external API calls)..." ... node "$SCRIPT_DIR/migrate.cjs" "$WORKSPACE" --braindb "http://localhost:$BRAINDB_PORT"

Recommendation

Do not run installer migration until migrate.cjs is reviewed. The installer should pass --no-swarm for local-only migration or require a clear confirmation before any external provider use.

What this means

Installation may fail, or a release/archive could include build files that were not part of the reviewed artifact set.

Why it was flagged

The installer depends on .env.example and Docker build context files; docker-compose.yml also references Dockerfile.embedder and Dockerfile.gateway, but these files are not present in the provided manifest. That creates an incomplete review/provenance gap.

Skill content

sed "s/CHANGE_ME/$RANDOM_PASS/" .env.example > .env ... docker compose build --quiet

Recommendation

Verify the full release contents, Dockerfiles, and checksums before running install.sh. The package should include all referenced build/config files in the reviewed manifest.

Note: Medium Confidence

ASI01: Agent Goal Hijack

What this means

If these memories are encoded and recalled, the agent may favor swarm/Gemini workflows even when a user did not specifically ask for that provider.

Why it was flagged

The execution-awareness script can encode procedural memories that steer future agent tool choice. This is related to its 'execution awareness' goal, but it can persist recommendations to use external tools.

Skill content

content: 'For any research with 3+ independent queries, use swarm parallel instead of doing them sequentially. Command: swarm parallel "query1" "query2" "query3" --full. Uses Gemini Flash ...'

Recommendation

Only run execution-awareness if you want these procedural memories. Review and delete tool-use memories that do not match your preferences.