Cheese Brain
Review
Audited by ClawScan on May 10, 2026.
Overview
Cheese Brain is a coherent knowledge-base skill, but it encourages persistent storage and retrieval of credentials, tokens, contacts, and backups without clear safeguards or user-control boundaries.
Install only if you trust and have reviewed the external Cheese Brain repository. Before using it, decide what the agent is allowed to save, avoid storing secrets in the database, review any existing `~/.cheese-brain` database and backups, and require confirmation before the agent adds or updates persistent entries.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
API tokens, credentials, or private configuration details could be exposed to any future agent session or user that queries the knowledge base.
The skill explicitly treats credentials and tokens as knowledge-base content that can be searched and returned, but it does not define access limits or safeguards for those secrets.
Query infrastructure - "What's the Telegram channel ID?" → integration details with tokens, config ... Data field: Freeform JSON for entity-specific details (paths, URLs, schedules, credentials, etc.).
Do not store passwords, API tokens, OAuth secrets, or recovery codes in this database unless you have separate encryption, access control, and a clear need. Prefer secret managers for credentials.
Sensitive, stale, incorrect, or maliciously influenced entries could be retained and reused in later sessions as trusted context.
The skill instructs the agent to use and write persistent cross-session memory, but does not specify confirmation, trust checks, retention, or exclusions for sensitive or untrusted content.
Key advantage: Persistent memory across sessions. You don't "remember" things — you query Cheese Brain and get instant context. ... When you learn something new worth persisting: cheese-brain add
Require explicit user approval before adding entries, label sources and trust level, review retrieved workflows before acting on them, and define retention/deletion rules for private data.
Installing the external repository may run local code that was not included in this review.
The skill depends on installing an external Python package, but the provided artifact set contains only SKILL.md and no reviewed package code or install specification.
git clone https://github.com/mhugo22/cheese-brain.git ... pip install -e .
Review the repository before installing, pin a trusted version or commit, install in an isolated virtual environment, and avoid running it with unnecessary privileges.
Old copies of private notes, credentials, or contact information may remain in backup files even after the active database changes.
The documentation mentions possible scheduled background backups, which are purpose-aligned but can preserve or duplicate sensitive knowledge-base contents.
Automated daily backups may already be configured via OpenClaw cron (check `~/.cheese-brain/backups/`).
Check whether cron backups are enabled, secure the backup directory, define a retention policy, and delete old backups that contain sensitive data.
