Nate Jones Second Brain
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the service role key is leaked or used on a Supabase project containing unrelated data, that data could be read or changed.
The skill explicitly requires and uses a Supabase service role key, which is expected for this server-side personal database workflow but grants broad database authority if exposed or reused outside a dedicated project.
Treat the service role key like a password. Anyone with it has full access to your data.
Use a dedicated Supabase project for this skill, store the service role key securely, rotate it if exposed, and avoid sharing it with other tools.
Private thoughts, relationship notes, tasks, or project details may be processed by OpenRouter and underlying model providers.
The artifacts clearly disclose that captured personal content is sent to an external AI gateway. This is purpose-aligned, but it creates an external data-processing boundary users should understand.
Captured text is sent to OpenRouter for embedding and classification. Be mindful of what you capture — anything you store goes through OpenRouter's API.
Review OpenRouter and selected model-provider data policies before storing sensitive information, and avoid capturing secrets or highly confidential content.
Captured notes may influence future retrievals, summaries, and task suggestions even if they were misclassified or should no longer be remembered.
The skill intentionally creates persistent agent memory that can be searched and reused later. This is the stated purpose, but persistent memory can retain incorrect, sensitive, or stale entries.
a persistent, searchable knowledge layer that turns your agent into a personal knowledge manager
Regularly review stored entries, use the correction workflow, and consider adding retention or deletion practices for sensitive or outdated records.
Incorrect routing or correction actions could alter or remove records in the second-brain database.
The documented correction workflow can delete and recreate records as part of fixing routing mistakes. This is user-directed and purpose-aligned, but it is still mutation authority over persistent knowledge-base data.
Deletes it from the wrong table
Review confirmation messages, keep backups or export options for important data, and require explicit user confirmation before destructive corrections.
