Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claw Brain
v0.1.15
Claw Brain - Personal AI Memory System for OpenClaw/ClawDBot. Provides memory, personality, bonding, and learning capabilities with encrypted secrets support...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
The stated purpose (local personal memory, encrypted secrets, hooks into OpenClaw/ClawDBot) aligns with the SKILL.md instructions (pip install, setup, install hooks, local DB). However, the registry entry contains no install spec or code files, while SKILL.md directs installing an external Python package and installing hook code. This mismatch between what is bundled in the registry and what the instructions ask you to fetch and run is worth noting.
Instruction Scope
SKILL.md instructs the user/agent to run pip install and run a CLI (clawbrain setup), copy hook code into ~/.openclaw/hooks, and optionally create systemd drop-ins. It also documents a CLI that can display the full encryption key (clawbrain show-key --full). These behaviors are coherent with a memory tool, but they grant the installer the ability to execute remote package code and to reveal sensitive keys — both are high-impact operations that require careful manual review before execution.
Install Mechanism
The install methods recommended (PyPI pip install and git clone from GitHub) are standard and lower-risk than arbitrary downloads. However: (a) the registry package itself contains only SKILL.md and SECURITY.md (no code or hooks), so actual runtime behavior depends on fetching the external PyPI/GitHub package; (b) the SKILL.md’s claim that PyPI provides checksums and 'no shell scripts' is a documentation assertion you should verify; (c) installing a package from PyPI or running its CLI runs remote code — review upstream repo before running.
Credentials
No required environment variables are declared by the registry; SKILL.md documents a set of optional variables (agent ID, BRAIN_ENCRYPTION_KEY, DB/Redis host/password). Those optional variables are appropriate for the functionality described. The sensitive ones (encryption key, DB password) are labelled as such and remain optional; requiring them would be disproportionate, and the skill does not require them.
Persistence & Privilege
The skill does install persistent hooks into user-level directories (~/.openclaw/hooks or ~/.clawdbot/hooks) and writes an encryption key into ~/.config/clawbrain/.brain_key. It does not request always:true or other elevated runtime privileges in the registry. The optional systemd instructions require sudo (documented as optional). This level of persistence is expected for a local-memory skill, but it means the installed code will run at startup and should be audited beforehand.
What to consider before installing
This skill appears to be a local personal-memory system and many of its requests are reasonable, but proceed cautiously. Before installing:
(1) review the upstream GitHub repo and the hook handler.js the SKILL.md references; do not blindly run pip install;
(2) run installations and initial tests in an isolated environment or non-production agent;
(3) do not run 'clawbrain show-key --full' except when you are sure you need to back up the key and you are in a secure environment;
(4) verify the PyPI package name and publisher (to avoid typosquatting) and inspect package contents for unexpected network calls or obfuscated code;
(5) prefer installing from a local audited clone (git clone + pip install -e) if you will trust this long-term;
(6) if you will expose PostgreSQL/Redis, use TLS and strong passwords;
(7) if unsure, treat this as untrusted code until you or someone you trust has reviewed the repository and the hook code.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements: 🧠 Clawdis
