Skill v1.3.0

ClawScan security

2nd Brain · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 24, 2026, 11:11 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it is an instruction-only personal knowledge base that reads/writes files under ~/.openclaw/workspace/brain and uses OpenClaw memory APIs; nothing requested is disproportionate to its stated purpose.
Guidance
This skill appears to do what it says: store and retrieve structured notes and save attachments locally. Before installing/use:
1. Confirm you are comfortable with persistent storage of uploaded media (photos/audio/PDFs) in ~/.openclaw/workspace/brain/attachments; those files could contain sensitive data.
2. If you follow the optional QMD recommendation, review the QMD project source (the SKILL.md suggests installing from a GitHub URL) before running bun install -g, and only install if you trust that repo.
3. Back up openclaw.json before changing memory.backend or memory.qmd.paths, since those are global memory settings.
4. If you want tighter control, restrict the skill's write access to a dedicated folder and avoid enabling the optional QMD steps.
Overall the skill is coherent and low-risk if used with the above precautions.
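The two precautions that are easiest to get wrong in practice are the config backup (step 3) and keeping the skill's writes inside its own tree (step 4). The POSIX shell helpers below are an added example written for this review, not code from ClawHub, OpenClaw or the 2nd Brain skill: `backup_config` copies openclaw.json to a timestamped file and verifies the copy byte-for-byte before you touch memory.backend or memory.qmd.paths, and `path_in_scope` resolves a path the skill wants to write and rejects anything that lands outside ~/.openclaw/workspace/brain (or a dedicated folder you pass instead). The function names, the `.bak.<timestamp>` naming and the BRAIN_DIR default are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of OpenClaw or the 2nd Brain skill.
# Assumption: the brain workspace is ~/.openclaw/workspace/brain as the
# scanner's guidance states; override with BRAIN_DIR if yours differs.
set -eu

BRAIN_DIR="${BRAIN_DIR:-$HOME/.openclaw/workspace/brain}"

# Guidance step 3: snapshot openclaw.json before editing global memory settings.
# Prints the backup path on success; fails if the config is missing or the copy
# does not match the original.
backup_config() {
  cfg="$1"
  [ -f "$cfg" ] || { echo "no config at $cfg" >&2; return 1; }
  bak="$cfg.bak.$(date +%Y%m%dT%H%M%S)"   # naming is this example's choice
  cp -p "$cfg" "$bak"
  cmp -s "$cfg" "$bak" || { echo "backup of $cfg does not match" >&2; return 1; }
  printf '%s\n' "$bak"
}

# Guidance step 4: return 0 only if TARGET (relative to ROOT, or absolute)
# resolves to a location inside ROOT. Uses cd/pwd -P, so symlinks and ../
# segments are resolved before the prefix check; the parent directory of the
# target must already exist, which is the case for files the skill writes
# into brain/ or brain/attachments/.
path_in_scope() {
  target="$1"; root="${2:-$BRAIN_DIR}"
  root_abs=$(cd "$root" 2>/dev/null && pwd -P) || return 1
  case "$target" in
    /*) t="$target" ;;
    *)  t="$root_abs/$target" ;;
  esac
  dir=$(dirname "$t"); base=$(basename "$t")
  dir_abs=$(cd "$dir" 2>/dev/null && pwd -P) || return 1
  case "$dir_abs/$base" in
    "$root_abs"|"$root_abs"/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Typical use before following the optional QMD steps:
#   bak=$(backup_config "$HOME/.openclaw/openclaw.json")   # path assumed
#   path_in_scope attachments/photo.jpg || echo "write would escape brain/"
```

Run `backup_config` once, edit the config, and keep the printed backup path until the new backend has been exercised; `path_in_scope` is meant for spot-checking any path the skill reports it will write (for example an attachment name taken from an uploaded file) before you allow the write. Because the check resolves the real parent directory, a name like `../../.ssh/id_ed25519` is rejected even though its prefix string starts inside the workspace.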

Review Dimensions

Purpose & Capability
ok · Name/description match the behavior: the skill stores and retrieves personal knowledge and asks only for filesystem access to a scoped brain workspace and attachments. No unrelated credentials or binaries are required.
Instruction Scope
note · Instructions require reading/writing Markdown files under ~/.openclaw/workspace/brain, saving user-provided media to attachments/, and using built-in memory_search/memory_get. This is appropriate for a knowledge-base skill, but note the explicit requirement to 'MUST save' uploaded media: user files (photos/audio/PDFs) will be persisted to disk.
Install Mechanism
note · There is no install spec (lowest risk). The SKILL.md optionally recommends installing the QMD CLI via bun from a GitHub repo; that is an optional remote install (moderate risk if followed). The recommendation is not automatically executed by the platform.
Credentials
ok · Skill declares no required environment variables or credentials. Optional guidance references PATH updates for bun/qmd and changing memory.backend in openclaw.json; both are relevant to the optional QMD enhancement but are not required for basic operation.
Persistence & Privilege
note · Skill does not request always: true and is user-invocable. It needs write access to ~/.openclaw/workspace/brain/** and attachments, which is expected for persistent storage. It also suggests (optionally) editing openclaw.json to switch backends; modifying a global memory config is a relevant but higher-impact change and should be done intentionally.