muninn
Review
Audited by ClawScan on May 10, 2026.
Overview
Muninn appears to be a local project-memory tool, but it persistently changes agent instruction files, broadly indexes project contents, and relies on an unreviewed compiled engine, so it should be reviewed before use.
Install only if you intentionally want a persistent local memory/index for a specific project. Avoid using it in workspaces containing secrets, review generated .muninn data and rule-file changes, and verify the missing compiled CXP engine before trusting the privacy guarantees.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may prioritize Muninn's protocol over the user's immediate request, including searching or saving memories when the user did not explicitly ask for that.
The generated/persistent instructions make Muninn's workflow mandatory and can override a user's preferred workflow by forcing tool calls and memory writes.
Your internal state must ALWAYS be synchronized with the Project Brain... you MUST call `muninn.brain_check`... BEFORE reading files or proposing changes, use `muninn.search_context`... you MUST call `muninn.add_memory`.
Treat Muninn guidance as optional unless the user explicitly enables it; developers should soften mandatory language and require user approval before saving memories.
Future agent sessions or other tools that read those rule files may continue following Muninn's instructions even after the original task is over.
During indexing, Muninn can append persistent agent-control rules to project instruction files outside the .muninn directory.
const files = ['.cursorrules', 'CLAUDE.md', '.antigravityrules']; ... content = content.length > 0 ? content + "\n" + MUNINN_RULES_CONTENT : MUNINN_RULES_CONTENT; await fs.writeFile(filePath, content);
Before installing, decide whether persistent rule-file modification is acceptable; after use, review and remove Muninn blocks from CLAUDE.md, .cursorrules, and .antigravityrules if unwanted.
Private project files, secrets accidentally stored in the workspace, or incorrect memories may be indexed and reused in later agent context.
The project watcher and index builder cover broad project contents, with only limited exclusions and no clear secret/file-type policy or retention controls in the artifacts.
this.watcher = chokidar.watch(projectPath, { ignored: [/node_modules/, /\.git/, /dist/, /\.muninn/], persistent: true, ignoreInitial: true, depth: 10 }); ... await this.cxp.build(projectPath, indexPath);
Initialize only in carefully scoped projects, add explicit exclusions for secrets and generated/private files, and periodically inspect or delete .muninn indexes and memories.
Users must trust an external or missing compiled component to process their local project data, despite the privacy claims.
The core CXP engine is executed as a platform-specific binary, but the provided manifest contains no bin/ artifacts, so the code that processes project contents is not reviewable here.
this.binaryPath = path.resolve(__dirname, '../bin', binaryName); ... await fs.chmod(this.binaryPath, 0o755); ... await execFileAsync(this.binaryPath, args, { timeout: 60000, killSignal: 'SIGKILL' });
Verify the npm package provenance and inspect or obtain hashes/source for the CXP binaries before using Muninn on sensitive projects.
