Nate Jones Second Brain
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: nate-jones-second-brain Version: 1.0.2 The skill is classified as suspicious due to its reliance on the `SUPABASE_SERVICE_ROLE_KEY`, which grants full, unrestricted access to the user's entire Supabase database, bypassing Row Level Security. While the documentation (SKILL.md, references/setup.md, references/schema.md) transparently explains this design choice for a 'single-user personal knowledge base' where the agent is a 'trusted server-side component', and configures RLS to *only* allow this role, it represents a significant privilege escalation. A compromise of the agent or the environment variables would lead to complete data exposure or manipulation. Additionally, all captured user thoughts are sent to OpenRouter for processing, which is a privacy consideration, though also transparently documented. There is no evidence of intentional malicious behavior, unauthorized data exfiltration to unknown endpoints, or prompt injection designed to subvert the agent for harmful purposes.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the service role key is leaked or used on a Supabase project containing unrelated data, that data could be read or changed.
The skill explicitly requires and uses a Supabase service role key, which is expected for this server-side personal database workflow but grants broad database authority if exposed or reused outside a dedicated project.
Treat the service role key like a password. Anyone with it has full access to your data.
Use a dedicated Supabase project for this skill, store the service role key securely, rotate it if exposed, and avoid sharing it with other tools.
Private thoughts, relationship notes, tasks, or project details may be processed by OpenRouter and underlying model providers.
The artifacts clearly disclose that captured personal content is sent to an external AI gateway. This is purpose-aligned, but it creates an external data-processing boundary users should understand.
Captured text is sent to OpenRouter for embedding and classification. Be mindful of what you capture — anything you store goes through OpenRouter's API.
Review OpenRouter and selected model-provider data policies before storing sensitive information, and avoid capturing secrets or highly confidential content.
Captured notes may influence future retrievals, summaries, and task suggestions even if they were misclassified or should no longer be remembered.
The skill intentionally creates persistent agent memory that can be searched and reused later. This is the stated purpose, but persistent memory can retain incorrect, sensitive, or stale entries.
a persistent, searchable knowledge layer that turns your agent into a personal knowledge manager
Regularly review stored entries, use the correction workflow, and consider adding retention or deletion practices for sensitive or outdated records.
Incorrect routing or correction actions could alter or remove records in the second-brain database.
The documented correction workflow can delete and recreate records as part of fixing routing mistakes. This is user-directed and purpose-aligned, but it is still mutation authority over persistent knowledge-base data.
Deletes it from the wrong table
Review confirmation messages, keep backups or export options for important data, and require explicit user confirmation before destructive corrections.