Second Brain Visualizer
v1.5.0Unload your cognitive baggage. Drop ideas anywhere, find the signal later.
⭐ 0· 181·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The skill is a local pipeline: parser -> local OpenClaw gateway -> clustering -> frontend visualizer. The required credential (openclaw-gateway.json) and optional Slack/Telegram creds are appropriate for the described ingestion and local-LM invocation. No unrelated credentials or binaries are requested.
Instruction Scope
Runtime instructions and included scripts are narrowly scoped to reading the vault ledger, parsing atoms, and calling the configured OpenClaw gateway. Ingestion guidance legitimately asks the agent to read private channel messages when you enable automated ingestion. Two small inconsistencies to be aware of: (1) install.md suggests setting an OPENCLAW_GATEWAY environment variable or editing cluster.js, but the included cluster.js actually reads ~/.openclaw/credentials/openclaw-gateway.json for host/port/key — rely on the credentials file used by cluster.js. (2) cluster.js will warn but still allow a non-local gateway host; if the gateway host is set to a remote host your corpus would leave the machine.
Install Mechanism
This is an instruction-only skill with included scripts; there is no automated install/download of third-party code or archives. The user is expected to clone the repo and run provided Node scripts. That is low-risk compared with arbitrary installs or remote downloads.
Credentials
Requested credentials are proportionate: a required local OpenClaw gateway credential and optional Slack/Telegram bot keys for ingestion. The only noteworthy risk is configuration: if the configured gateway host is changed away from localhost the atom corpus would be sent to that host (the code warns about this). Slack/Telegram tokens will permit reading the configured private channel — this is expected for ingestion but should be tightly scoped and kept private.
Persistence & Privilege
The skill does not request always:true and does not claim persistent system-wide privileges. It performs operations in its own data paths and uses credentials stored under ~/.openclaw/credentials; it does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says, but review a few practical items before enabling it: 1) Keep your OpenClaw gateway pointed at localhost (127.0.0.1) and store the gateway key in ~/.openclaw/credentials/openclaw-gateway.json — cluster.js reads that file. If you point the gateway to a remote host your atom corpus will be sent there (the script warns but will proceed). 2) Only supply Slack/Telegram bot tokens for private channels you control — automated ingestion will read messages from those channels and append them to your ledger. 3) The install guide and scripts are slightly out of sync (install.md mentions an OPENCLAW_GATEWAY env var, but cluster.js reads the credentials file); trust the code in references/cluster.js and adjust your environment/files accordingly. 4) Test the pipeline with the included sample ledger first to confirm outputs and file paths before wiring cron/automation. 5) If you are concerned about data leaving your machine, inspect your OpenClaw gateway configuration and network egress rules; running a local-only gateway is the recommended safe setup.Like a lobster shell, security has layers — review code before you run it.
latestvk9721m29zhqpnra9qzrjxx0g4184heg8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.