.Backup Global Cognitive Brain 20260316 100703
v1.0.0實現強制五層思考流程,持久記憶自動管理,事件與知識累積,並即時建議最佳回應策略。
⭐ 0· 127·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description claim a persistent multi-layer thinking engine; the package contains Python code that implements persistent JSON memory (working/episodic/semantic/meta), keyword extraction, and a five-layer thinking pipeline. Files and APIs (init_memory, add_working_memory, store_event, update_fact, five_layer_thinking, build_context) are consistent with the declared purpose.
Instruction Scope
SKILL.md instructs installing the skill and (optionally) setting it as the default 'cognitive_skill' so every conversation triggers the five-layer pipeline and automatically injects memory into prompts. The instructions and shown code read, write, and rebuild brain_memory/ JSON files and automatically record all user inputs — this is within the skill's purpose but grants it broad discretion over capturing and reusing conversation content.
Install Mechanism
Registry metadata shows no install spec but the repository includes package.json (install: python_module) and SKILL.md references 'clawhub skill install' and manual copying. There are no external download URLs or network-install operations in the code; installation appears to be local/python-module based (low technical risk), but the metadata inconsistency (registry vs package.json) is noteworthy.
Credentials
The skill requests no environment variables or external credentials, which is coherent. However it persistently stores all inputs and facts (including examples showing IPs, COM port, system audit queries, and security-related prompts). If enabled as default, it will capture and inject potentially sensitive data across sessions without visible redaction or access controls — a privacy and data-exposure risk disproportionate to many uses.
Persistence & Privilege
always:false (no forced global inclusion) and model invocation is allowed (default). The SKILL.md recommends configuring this skill as the default cognitive skill so it runs on every conversation; while not an explicit platform-level privilege (not 'always:true'), this configuration effectively makes it persistently active and increases its blast radius because it autonomously records and reuses conversation data.
Assessment
This skill appears to be what it claims (a persistent multi-layer memory/‘brain’). The main risk is privacy: it automatically records every input and can inject that stored context into future prompts. Before installing or making it your default cognitive skill:
- Review the code (global_cognitive_brain.py) yourself or with a trusted developer to confirm no hidden network/exfil code (the provided file shows no network calls).
- Test in a sandbox or non-production account first so sensitive data won't be mixed into persistent memory.
- Inspect and secure the brain_memory/ files (working.json, semantic.json, episodic.json, meta.json); remove or redact any sensitive entries and set strict file permissions.
- Avoid setting it as the default cognitive_skill if you routinely discuss secrets (passwords, keys, internal IPs, audit results) with the agent.
- Consider adding or requesting features before use: explicit opt-out/redaction of sensitive messages, retention limits, encryption of stored memory, or an admin-controlled UI to review/delete stored memories.
If you want help identifying sensitive records in brain_memory/ or modifying the skill to redact or encrypt stored data, I can point to concrete code changes or a checklist to harden it.Like a lobster shell, security has layers — review code before you run it.
latestvk97b2qatws042qcwmfhs0z5kns8369pa
License
MIT-0
Free to use, modify, and redistribute. No attribution required.