Brain Memory System
Review: audited by ClawScan on May 10, 2026.
Overview
This is mostly a coherent local memory CLI, but it needs review because its optional LLM API-key setup can store and print the key in plaintext while the skill also persists agent memory across sessions.
Install only if you are comfortable with a persistent local agent memory database. Prefer setting LLM keys through environment variables rather than `brain config set key`, review procedure changes with dry-run, and avoid storing secrets or untrusted instructions in the memory system.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: API key written and echoed in plaintext
If the user sets an API key with `brain config set key`, the key may be stored or displayed in places they did not intend.
The documented API-key config path writes the provided value into brain.conf and echoes it in full, which can expose an LLM API key in local files, terminal history, or agent transcripts.
Evidence: key — API key ... echo "$key = $val" >> "$conf_file" ... echo "✅ Set $key = $val"
Recommendation: Prefer environment variables or a secret manager for the LLM key, avoid running `brain config set key` in agent-visible sessions, and change the script to mask the key and restrict config-file permissions.
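As an added example (not part of this review and not the skill's own brain.sh), the following shows what the recommended script change looks like: a config-set routine that masks secret values in its confirmation message and keeps the config file at mode 0600. The BRAIN_CONF path, the set of key names treated as secrets, and the helper names (is_secret_key, mask_value, config_set, config_get) are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the skill's own brain.sh: a config-set routine that
# masks secret values on output and restricts brain.conf permissions.
# Assumptions (hypothetical): the BRAIN_CONF path, the secret key names
# below, and the helper names is_secret_key / mask_value / config_set.
set -eu

BRAIN_CONF="${BRAIN_CONF:-${HOME}/.brain/brain.conf}"

# Keys whose values must never be printed in full.
is_secret_key() {
  case "$1" in
    key|api_key|token) return 0 ;;
    *) return 1 ;;
  esac
}

# Print a masked form of a secret: only the last 4 characters survive.
mask_value() {
  v="$1"
  if [ "${#v}" -le 4 ]; then
    printf '****\n'
  else
    printf '****%s\n' "$(printf '%s' "$v" | tail -c 4)"
  fi
}

# Store "key = value" in the config, replacing any existing entry for that
# key. The file is rebuilt through a private temp file (umask 077 in a
# subshell), left at mode 0600, and secret values are masked in the
# confirmation message instead of being echoed back in full.
config_set() {
  k="$1"; v="$2"
  (
    umask 077
    mkdir -p "$(dirname "$BRAIN_CONF")"
    tmp="${BRAIN_CONF}.tmp.$$"
    if [ -f "$BRAIN_CONF" ]; then
      grep -v "^${k} = " "$BRAIN_CONF" > "$tmp" || true
    else
      : > "$tmp"
    fi
    printf '%s = %s\n' "$k" "$v" >> "$tmp"
    mv "$tmp" "$BRAIN_CONF"
    chmod 600 "$BRAIN_CONF"
  )
  if is_secret_key "$k"; then
    echo "Set $k = $(mask_value "$v")"
  else
    echo "Set $k = $v"
  fi
}

# Read a value back. The raw value is returned only here, for the code that
# needs it, never as part of a status message.
config_get() {
  sed -n "s/^$1 = //p" "$BRAIN_CONF" | tail -n 1
}

# Demo when run directly with "demo": stores a constructed placeholder key.
if [ "${1:-}" = "demo" ]; then
  config_set key "sk-example-placeholder-0000"
  config_set llm_url "http://localhost:11434"
fi
```

Masking only the trailing characters lets a user confirm which key is configured without the full value reaching terminal history or an agent transcript; the umask and chmod ensure the file is never readable by other local users even for the instant between creation and the final rename.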
Finding 2: Persistent memory can carry stale or untrusted entries across sessions
Private notes, mistaken facts, or poisoned procedure steps could remain in the memory database or session-state file and affect future work.
The skill intentionally stores and reuses working memory and evolved procedures across sessions, so inaccurate or untrusted entries can persist and influence later agent behavior.
Evidence: `brain wm` reads/writes `SESSION_STATE` (default: `SESSION-STATE.md` in workspace root) ... procedures that rewrite themselves from failure patterns
Recommendation: Treat the memory database and SESSION-STATE.md as sensitive, review stored memories/procedures periodically, use dry-run before procedure evolution, and avoid storing untrusted instructions as authoritative facts.
Finding 3: Procedure evolution sends data to an external LLM provider
Procedure details and failure patterns may be shared with the configured LLM provider when evolution is run.
The skill discloses that procedure evolution can send data to a configurable external LLM provider; this is purpose-aligned but crosses a local-to-provider boundary.
Evidence: No data is sent externally except LLM API calls during `proc evolve`.
Recommendation: Use a local LLM endpoint or avoid `proc evolve` for sensitive workflows, and verify `BRAIN_LLM_URL` before sending data.
Finding 4: Install places the skill's scripts on the user's PATH
Installing the CLI makes the skill's local scripts easier for the agent or user to run.
The install instructions require user-run local commands and place a CLI on the user's PATH; this is normal for the stated purpose but depends on trusting the supplied scripts.
Evidence: sqlite3 brain.db < scripts/schema.sql ... ln -sf "$(pwd)/scripts/brain.sh" ~/.local/bin/brain ... chmod +x scripts/brain.sh
Recommendation: Review the scripts before linking them into ~/.local/bin, install from a trusted source, and remove the symlink if you uninstall the skill.
