BrainRepo

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or invoking the skill can create a new folder structure in Documents without a separate setup prompt.

Why it was flagged

The skill may direct the agent to create local folders/files automatically on first use. This is disclosed and scoped to the BrainRepo path, but it is still local environment mutation.

Skill content

**Before any action**, check if brainrepo is initialized ... If NOT found → **Run onboarding automatically** ... `mkdir -p <path>/{Inbox,Projects,Areas/...}`

Recommendation

Use it only if you are comfortable with ~/Documents/brainrepo/ being created and managed by the agent; ask the agent to show planned file changes before setup if desired.

What this means

Private details saved into BrainRepo may be surfaced in later answers or used as context by agents that read the repository.

Why it was flagged

The skill is designed to create persistent notes that future agent interactions can search and reuse, including personal and relationship information.

Skill content

**DUMP → PROCESS → RETRIEVE** ... Capture everything to Inbox/ ... Person info ... Personal growth ... Family info ... "What do I know about X?" | Search & retrieve

Recommendation

Avoid storing secrets or highly sensitive information unless you are comfortable with future agents reading it; periodically review and prune stored notes.

What this means

Personal notes could be uploaded to a configured Git remote using your Git account or SSH credentials.

Why it was flagged

The workflow includes Git pushes, which may use the user's existing Git remote configuration and credentials if a remote is configured.

Skill content

After processing: ... Commit: `git add -A && git commit -m "daily: $(date +%Y-%m-%d)"` ... Push: `git push`

Recommendation

Before using Git sync, verify the remote destination and repository privacy, and ask for confirmation before any `git push`.

Note

High Confidence

ASI08: Cascading Failures

What this means

If the agent misclassifies notes during cleanup, useful information could be deleted or the deletion could be synced to other devices.

Why it was flagged

Review workflows can delete or move notes and then sync changes. This is normal for a knowledge-management workflow, but mistakes could be committed and propagated.

Skill content

Is it worth keeping? ... NO → Delete it ... After processing: ... `git push`

Recommendation

Review proposed deletions and moves before allowing cleanup or sync; rely on Git history or backups for recovery.