PARA Second Brain
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is a coherent local note-and-memory organizer, but users should be aware it encourages persistent indexing of notes and session transcripts.
This appears safe for its intended use as a local PARA knowledge system. Before installing, decide which notes and session history should be searchable, avoid symlinking broad or sensitive folders, and review the small setup script if you plan to run it.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private notes or old conversation details may appear in future memory searches if they are placed in the indexed locations.
The skill explicitly recommends making local notes and past session transcripts searchable by the agent, which is core to the skill but can persist and resurface sensitive context.
"memorySearch": { "sources": ["memory", "sessions"], ... } ... "Indexes your conversation transcripts alongside your notes."Only symlink or index folders you are comfortable having the agent search, and consider exclusions or a separate workspace for sensitive material.
Running the script will create files and folders in the chosen location.
The included shell script writes a directory structure and starter markdown files to a user-specified workspace. This is expected for setup and does not show destructive or hidden behavior.
WORKSPACE="${1:-.}" ... mkdir -p "$WORKSPACE/memory" ... cat > "$WORKSPACE/MEMORY.md"Run the setup script only from the intended workspace or pass an explicit workspace path you have reviewed.
Users may have less certainty about package provenance or exactly which version the manifest describes.
The manifest name/version and listed template files do not fully match the registry metadata and provided file manifest, suggesting stale packaging metadata rather than active malicious behavior.
"name": "second-brain", "version": "1.0.0" ... "files": ["SKILL.md", "manifest.json", "templates/MEMORY.md.template", "templates/daily-log.md.template", "scripts/setup.sh"]
Treat the included files as the source of truth and verify the publisher or repository before relying on updates.