Brain Map Visualizer
v3.2.0Visualize how attention moves across your agent's projects. Markdown files become nodes grouped by Attention Pockets.
⭐ 0· 228·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (visualize attention across markdown vault + session journals) align with the provided artifacts: a journal-parser script that reads memory/journal/*.md, a graph JSON schema, a Next.js API route to serve the JSON, and a React+D3 component to render it. No unexpected credentials, binaries, or external services are required.
Instruction Scope
Runtime instructions and included scripts are scoped to parsing local journal markdowns, extracting referenced .md paths, producing a data/brain-map-graph.json, and rendering it via an API route + React component. This requires file system access to the vault (default ~/.openclaw/vault) — which is expected for the stated purpose. The parser purposely blocks absolute and '..' paths and skips http refs. Note: the parser's extractMdRefs implementation contains broken/unclear RegExp code (pattern.run / match handling) that will likely need correction before reliable use; this is an implementation bug, not a scope mismatch.
Install Mechanism
This is an instruction-only skill (no install spec, no bundled binaries). The component lists normal dependencies (d3, @types/d3) to be added to a host app. No downloads from untrusted URLs or archive extraction appear in the package, which is low risk. You must copy scripts/components into your project and install standard npm deps.
Credentials
The skill requests no credentials and declares no required env vars. The parser accepts WORKSPACE_DIR and OUTPUT_PATH overrides (reasonable). The Next.js API route optionally honors a BRAIN_MAP_SECRET env var for access control (recommended). All env/config access is proportionate to the task of reading/writing local graph data.
Persistence & Privilege
The skill is not always-enabled and does not claim persistent background privileges. It does not modify other skills or system-wide configs. The parser is a local script the user runs; the component fetches the local API route and emits a local CustomEvent to request opening files in the host UI — this is expected for integration and does not itself escalate privileges.
Assessment
This skill appears to do what it says: parse your session journals and vault to produce a JSON graph, and render it with a React+D3 component. Before installing/running: (1) Review the provided scripts — they read your vault (default ~/.openclaw/vault) and write a JSON file; run them locally or in a trusted environment only. (2) If you expose the Next.js API route publicly, set BRAIN_MAP_SECRET to protect it. (3) The journal parser contains a buggy regex loop (uses nonstandard pattern.run / match handling) — fix/test extractMdRefs on a copy of your data so it extracts references correctly. (4) Install d3 via your package manager for the component. (5) Do not create endpoints that execute the parser remotely without strict access controls. Overall the requested accesses are proportionate to the feature, but always inspect and test the scripts on non-production data before granting any service access.Like a lobster shell, security has layers — review code before you run it.
latestvk977sr58gd65vznvmv73zacwg184bqhn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.