ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cognitive Brain Deploy

v1.0.0

Cognitive Brain 语义记忆系统一键部署工具。当用户需要部署 OpenClaw 认知脑、部署 PostgreSQL+pgvector 向量数据库、安装 Cognitive Brain Skill、配置定时任务和 Hook 时使用。

0· 87·0 current·0 all-time
by@hongjiahao371-pixel

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for hongjiahao371-pixel/cognitive-brain-deploy.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Cognitive Brain Deploy" (hongjiahao371-pixel/cognitive-brain-deploy) from ClawHub.
Skill page: https://clawhub.ai/hongjiahao371-pixel/cognitive-brain-deploy
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cognitive-brain-deploy

ClawHub CLI

Package manager switcher

npx clawhub@latest install cognitive-brain-deploy
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match what the files do: the script and docs install PostgreSQL+pgvector, Redis, Node, create DB/tables, write config.json, and set cron jobs and hooks. The requested actions are expected for a deployment helper.
Instruction Scope
SKILL.md directs running the included deploy.sh which performs system-wide actions (apt installs, systemctl enable/start, DB setup, crontab modification). Those actions align with the stated deploy purpose, but the script also hardcodes a database password and echoes it, and the guide instructs cloning an external 'Cognitive Brain' repo but provides no repository URL — leaving a gap that requires user-supplied network operations.
!
Install Mechanism
There is no separate install spec; the provided script performs runtime network installs including curl -fsSL https://deb.nodesource.com/setup_18.x | sudo bash and apt install. Executing a remote install script (curl|bash) is a high-risk pattern because arbitrary code is executed from the network at runtime. The script will write files and enable services on the host.
!
Credentials
The skill declares no required env vars, which is consistent, but the script hardcodes a weak DB password ('cog_brain_2024'), writes that credential into config.json in plaintext, and grants broad DB privileges. Storing and printing a default credential is disproportionate and increases risk if you run this on a multi-user or production host.
Persistence & Privilege
The script requires sudo, enables and starts system services, and writes cron jobs that will autonomously run code from the skill directory. always:false (normal). This level of system modification is expected for a deploy script, but cron jobs executing future code from a skill directory are a persistent execution risk if that code is later changed or comes from an untrusted source.
What to consider before installing
Before running this deploy script, review and adjust it rather than executing it blindly. Specific suggestions: - Inspect scripts/deploy.sh line-by-line and do a manual, stepwise run instead of piping curl|bash into sudo. Avoid executing remote installers without auditing them. - Replace the hardcoded password (cog_brain_2024) with a randomly generated secret; store it safely (OS secret store or a credentials manager) and restrict DB-user privileges to the minimum required. - The guide references cloning a Cognitive Brain repo but provides no URL — obtain the canonical repository URL from a trusted source and review its contents before npm install. - Run the deployment in a disposable VM or container first (not on a production host) to observe side effects (systemd changes, apt installs, crontab entries). - Verify extension dependencies (pgvector and any UUID function providers like pgcrypto) before running the SQL; the script assumes gen_random_uuid() exists. - Review and limit filesystem permissions of ~/.openclaw/workspace/skills and ~/.openclaw/hooks; ensure cron logs are stored securely. - If you prefer safer installs, manually install packages (node/postgres/redis) from distribution packages or well-known package repos instead of using curl|bash. If you want to proceed but reduce risk, perform the steps in the referenced docs manually rather than running the full one-click script, and confirm every external network action and the Cognitive Brain repo contents first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eay4hffxn265dnj5qvzy4ph8407fd
87downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@hongjiahao371-pixel
latest
Download

Cognitive Brain Deploy

OpenClaw 语义记忆系统的自动化部署 Skill。

快速部署

执行一键部署脚本:

bash ~/.openclaw/workspace/skills/cognitive-brain-deploy/scripts/deploy.sh

或手动分步部署,详见 references/deploy-guide.md

部署检查清单

  • PostgreSQL 14+ with pgvector 安装完成
  • Redis 6+ 安装完成
  • cognitive_brain 数据库创建完成
  • 表结构初始化完成(memories + associations 表)
  • Cognitive Brain Skill 下载到 ~/.openclaw/workspace/skills/cognitive-brain
  • config.json 数据库密码配置正确
  • Cron 定时任务添加完成
  • Hook 启用完成

验证命令

部署完成后,执行以下命令验证:

# 健康检查
cd ~/.openclaw/workspace/skills/cognitive-brain && node scripts/recall.cjs health_check

# 测试写入
node scripts/encode.cjs --content "测试记忆" --metadata '{"type":"fact","importance":0.8}'

# 测试搜索
node scripts/recall.cjs --query "测试"

参考文档

Comments

Loading comments...