Skill v1.0.0
ClawScan security
.Backup Global Cognitive Brain 20260316 100703 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 19, 2026, 2:41 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, files, and runtime instructions match its stated goal of a persistent multi-layer 'brain', but it persistently records and auto-injects conversation data which is a privacy risk the user should understand before enabling as a default cognitive skill.
- Guidance: This skill appears to be what it claims (a persistent multi-layer memory/‘brain’). The main risk is privacy: it automatically records every input and can inject that stored context into future prompts. Before installing or making it your default cognitive skill:
  - Review the code (global_cognitive_brain.py) yourself or with a trusted developer to confirm no hidden network/exfil code (the provided file shows no network calls).
  - Test in a sandbox or non-production account first so sensitive data won't be mixed into persistent memory.
  - Inspect and secure the brain_memory/ files (working.json, semantic.json, episodic.json, meta.json); remove or redact any sensitive entries and set strict file permissions.
  - Avoid setting it as the default cognitive_skill if you routinely discuss secrets (passwords, keys, internal IPs, audit results) with the agent.
  - Consider adding or requesting features before use: explicit opt-out/redaction of sensitive messages, retention limits, encryption of stored memory, or an admin-controlled UI to review/delete stored memories.

  If you want help identifying sensitive records in brain_memory/ or modifying the skill to redact or encrypt stored data, I can point to concrete code changes or a checklist to harden it.
Review Dimensions
- Purpose & Capability (ok): Name/description claim a persistent multi-layer thinking engine; the package contains Python code that implements persistent JSON memory (working/episodic/semantic/meta), keyword extraction, and a five-layer thinking pipeline. Files and APIs (init_memory, add_working_memory, store_event, update_fact, five_layer_thinking, build_context) are consistent with the declared purpose.
- Instruction Scope (note): SKILL.md instructs installing the skill and (optionally) setting it as the default 'cognitive_skill' so every conversation triggers the five-layer pipeline and automatically injects memory into prompts. The instructions and shown code read, write, and rebuild brain_memory/ JSON files and automatically record all user inputs — this is within the skill's purpose but grants it broad discretion over capturing and reusing conversation content.
- Install Mechanism (note): Registry metadata shows no install spec but the repository includes package.json (install: python_module) and SKILL.md references 'clawhub skill install' and manual copying. There are no external download URLs or network-install operations in the code; installation appears to be local/python-module based (low technical risk), but the metadata inconsistency (registry vs package.json) is noteworthy.
- Credentials (concern): The skill requests no environment variables or external credentials, which is coherent. However it persistently stores all inputs and facts (including examples showing IPs, COM port, system audit queries, and security-related prompts). If enabled as default, it will capture and inject potentially sensitive data across sessions without visible redaction or access controls — a privacy and data-exposure risk disproportionate to many uses.
- Persistence & Privilege (note): always:false (no forced global inclusion) and model invocation is allowed (default). The SKILL.md recommends configuring this skill as the default cognitive skill so it runs on every conversation; while not an explicit platform-level privilege (not 'always:true'), this configuration effectively makes it persistently active and increases its blast radius because it autonomously records and reuses conversation data.
