ClawHub

OpenClawBrain

v12.2.1

Learned memory graph for AI agents. Policy-gradient routing over document chunks with self-learning, self-regulation, and autonomous correction. Pure Python...

0· 391·1 current·1 all-time
byJonathan Louis Gu@jonathangu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (learned memory graph, policy-gradient routing) match the SKILL.md workflow (init, query, learn, daemon, maintenance). Requiring local workspace files and a state JSON is coherent. However, the README promotes optional OpenAI embeddings/LLM usage while the registry metadata declares no required environment variables (e.g., OPENAI_API_KEY) — an omission that is disproportionate to the advertised embedder capability.
Instruction Scope
Instructions explicitly tell the agent to read and chunk workspace files, run a long-lived daemon that holds state in memory and listens on a Unix socket, and perform autonomous 'self_learn' updates. Those actions are consistent with a memory/learning system but grant the skill discretion to read local files and mutate its state without human review; the SKILL.md also references 'chat_id lookback' for human corrections which implies reading session/chat context.
Install Mechanism
This is an instruction-only skill with no install spec or code files in the bundle, which is the lowest install risk. The SKILL.md shows standard pip install commands for a PyPI package, which is expected for a Python project.
!
Credentials
The skill advertises optional OpenAI embedding/LLM usage (e.g., text-embedding-3-small) but the registry shows no required environment variables or primary credential. If you plan to use the OpenAI embedder the agent or user will need an API key (OPENAI_API_KEY or equivalent); the skill does not declare this, so the registry metadata understates credential needs. No other unexpected credentials are requested.
Persistence & Privilege
The skill runs a daemon that keeps state hot in memory and exposes a Unix socket for NDJSON RPC; it also provides autonomous 'self_learn' capabilities that mutate the memory graph. It does not request 'always:true' or system-wide config changes, but it does persist state on disk (state.json) and can autonomously update that state — consider the security/privacy implications of allowing autonomous updates and a local socket accessible to other processes.
What to consider before installing
This skill appears to be a coherent memory-graph tool, but before installing: 1) understand it will read and chunk your workspace files and persist mutable state to a local JSON (./brain/state.json) and run a daemon listening on a Unix socket — review where that file and socket will live and who/what can access them; 2) if you plan to use the OpenAI embedder/LLM, you will need to supply an API key (the skill bundle did not declare any required env vars like OPENAI_API_KEY); 3) the skill supports agent-initiated 'self_learn' (automatic updates to the graph) — only enable autonomous invocation if you trust the agent's behavior and data handling; 4) verify the openclawbrain PyPI package and its source (there is no homepage/source URL in the registry) before running pip install; and 5) if you need higher assurance, request the package source or a signed release and review daemon/socket access controls. If any of these points are unacceptable, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dzty4pxy5477c2kwz8j57ys820pa1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis

Comments