Back to skill
Skillv0.5.2
VirusTotal security
BrainDB · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:01 AM
- Hash
- 9e2606d66cae8dfc1a9b5bed06b7f5731266fff05d7c4788027f2fc94b32f981
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: braindb Version: 0.5.2 The skill bundle is classified as suspicious due to a significant lack of transparency regarding external network calls. While the `SKILL.md` and `README.md` claim 'No external API calls during normal operation' and only explicitly mention Google Gemini API usage for the `--swarm` migration option, the `gateway.js` implementation reveals that several core features (`/memory/auto-encode`, `/memory/smart-recall`, and predictive warming) *also* send user conversation data and queries to `https://generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash:generateContent` if a `GEMINI_KEY` is configured. This contradiction and under-disclosure of data transmission for 'normal operation' features, even to a legitimate service, constitutes a critical privacy and transparency vulnerability, making the skill suspicious rather than benign. There is no evidence of intentional malicious exfiltration to an unauthorized third party.
- External report
- View on VirusTotal