Cerebrun
v1.0.1MCP client for Cerebrun - comprehensive personal context and memory management system. Retrieve user context layers (language, projects, identity, vault), pe...
⭐ 1· 450·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description match the included code and SKILL.md: it is an MCP client for cereb.run. However the registry metadata declares no required environment variables or primary credential even though the SKILL.md and scripts clearly require an API key (CEREBRUN_API_KEY / --api-key). That mismatch is a material incoherence: a networked client that accesses sensitive user layers should declare its credential requirements in metadata.
Instruction Scope
SKILL.md and scripts instruct the agent to fetch/update context layers (including layer 2: identity/API keys and layer 3: encrypted vault via explicit request), search knowledge, and fetch full conversation histories. Those operations are within the stated purpose, but they allow access to highly sensitive data and conversation history. The instructions also show how to send messages to external LLM providers via the Gateway. There are no unexpected local file or system-access instructions, but the scope includes potentially exfiltratable user secrets via the remote API.
Install Mechanism
No install spec is present and the skill is instruction+script only. The included Python script is readable, uses only standard library urllib, and points to a single well-formed endpoint (https://cereb.run/mcp). There are no downloads, extract steps, or third-party package installs.
Credentials
The code and README expect an API key (CEREBRUN_API_KEY or --api-key), but the registry's required env/primaryEnv fields are empty. That omission is disproportionate and important: the skill needs a bearer token to operate and will use it to access context that may include other secrets. The skill does not request unrelated local secrets, but the ability to retrieve layer 2 (which the SKILL.md says may contain API/other keys) increases sensitivity of the single required credential.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or system-wide config. Autonomous invocation is allowed (default) — which is normal — but not combined here with always:true or other red flags.
What to consider before installing
This skill is a legitimate-looking client for the remote service cereb.run, but the package metadata fails to declare that it requires an API key. Before installing: (1) verify the publisher/source (homepage is missing), (2) expect to provide a Cerebrun bearer token — avoid reusing highly privileged tokens, (3) understand that using the skill can return highly sensitive data (identity fields, stored API keys in layer 2, and vault data via explicit requests), so only enable it if you trust the Cerebrun service and its privacy/security practices, (4) ask the publisher to correct the metadata to declare the required env var/primary credential, and (5) restrict the token you give to least privilege (scoped token) and monitor usage. If you cannot verify the service/publisher, treat this skill as risky and do not provide real secrets.Like a lobster shell, security has layers — review code before you run it.
latestvk974mkwpe40gx8sw76je9z57xx81rd81mcpvk97fxmkyg475st2ggg3h9w3ngn81pkdmmemoryvk97fxmkyg475st2ggg3h9w3ngn81pkdm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.