UUMuse Brain
AdvisoryAudited by Static analysis on May 11, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may run external npm package code that receives the configured UUMuse API key and handles UUMuse tool calls.
The MCP implementation is launched from an npm package at runtime rather than fully contained in the reviewed artifact. README also discloses that this downloads and caches the package on demand.
"command": "npx", "args": ["-y", "uumuse-mcp"]
Install only if you trust UUMuse and the npm package source; consider pinning or reviewing the MCP package in environments with stricter supply-chain requirements.
The agent can access UUMuse workspaces, uploaded documents, account status, and supported file/memory operations using your API key.
The skill requires a UUMuse API key and passes it to the MCP server/API, which is expected for this integration but grants account-level access to UUMuse data and actions.
"uumuse_api_key": { "type": "string", "description": "Your UUMuse API key", "required": true }Use a dedicated or least-privileged API key if UUMuse supports it, rotate the key if exposed, and only install this for accounts whose UUMuse content you are comfortable making available to the agent.
A mistaken or over-broad file operation could change or permanently remove documents and their embeddings from a UUMuse workspace.
The skill exposes mutation tools that can overwrite or permanently delete UUMuse files. This is aligned with the stated file-management purpose, but the impact is significant.
`uumuse_edit_file` | Overwrite a file's content entirely ... `uumuse_delete_file` | Permanently delete a file and its embeddings
Ask the agent to read or list files before editing, and require explicit confirmation before overwrite or delete actions.
Saved memories may persist beyond the current chat and can affect future responses; sensitive or incorrect memories could be reused later.
The skill intentionally stores persistent memories that can be searched and reused across sessions. This is disclosed and central to the skill, but it creates durable context that may later influence answers.
Use `uumuse_remember` to save important facts, user preferences, decisions, or context ... Memories are stored as `_memories_{category}.md` files and automatically vectorizedAvoid storing secrets or sensitive personal data as memory, periodically review saved memory categories, and use the forget tool when information should no longer persist.