ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

2nd Brain

v1.3.0

Personal knowledge base for capturing and retrieving information about people, places, restaurants, games, tech, events, media, ideas, and organizations. Use...

1· 1.5k·14 current·14 all-time
byRaven@coderaven
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the behavior: the skill stores and retrieves personal knowledge and asks only for filesystem access to a scoped brain workspace and attachments. No unrelated credentials or binaries are required.
Instruction Scope
Instructions require reading/writing Markdown files under ~/.openclaw/workspace/brain, saving user-provided media to attachments/, and using built-in memory_search/memory_get. This is appropriate for a knowledge-base skill, but note the explicit requirement to 'MUST save' uploaded media — user files (photos/audio/PDFs) will be persisted to disk.
Install Mechanism
There is no install spec (lowest risk). The SKILL.md optionally recommends installing the QMD CLI via bun from a GitHub repo; that is an optional remote install (moderate risk if followed). The recommendation is not automatically executed by the platform.
Credentials
Skill declares no required environment variables or credentials. Optional guidance references PATH updates for bun/qmd and changing memory.backend in openclaw.json — both are relevant to the optional QMD enhancement but are not required for basic operation.
Persistence & Privilege
Skill does not request always: true and is user-invocable. It needs write access to ~/.openclaw/workspace/brain/** and attachments, which is expected for persistent storage. It also suggests (optionally) editing openclaw.json to switch backends — modifying a global memory config is a relevant but higher-impact change and should be done intentionally.
Assessment
This skill appears to do what it says: store and retrieve structured notes and save attachments locally. Before installing/use: (1) Confirm you are comfortable with persistent storage of uploaded media (photos/audio/PDFs) in ~/.openclaw/workspace/brain/attachments; those files could contain sensitive data. (2) If you follow the optional QMD recommendation, review the QMD project source (the SKILL.md suggests installing from a GitHub URL) before running bun install -g, and only install if you trust that repo. (3) Back up openclaw.json before changing memory.backend or memory.qmd.paths, since those are global memory settings. (4) If you want tighter control, restrict the skill's write access to a dedicated folder and avoid enabling the optional QMD steps. Overall the skill is coherent and low-risk if used with the above precautions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a96kb9n14k1168g9b5mnejx81s7q1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments