Brain Search
WarnAudited by ClawScan on May 10, 2026.
Overview
This appears to be a personal Second Brain integration for Frank, but it exposes a hardcoded API key and gives agents broad read/write/delete and sub-agent delegation powers over a persistent knowledge base.
Only install this if you are Frank or you explicitly intend to connect your agent to this specific Second Brain service. Treat the embedded API key and all retrieved memory as sensitive, and avoid using the skill for private files, credentials, personal conversations, or account-changing actions unless you have verified the service owner, access scope, and approval controls.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent using this skill could access or change Frank's Second Brain through the embedded credential, and a non-Frank user could unintentionally send their data into Frank's account.
The skill embeds a live-looking shared API key for Frank's knowledge base instead of using a user-provided or scoped credential; the same key is used for read, write, delete, upload, and job operations.
All requests require header: `x-api-key: frank-sb-2026`
Do not install unless this is your intended private integration. Replace the hardcoded key with a scoped, user-provided secret and limit it to only the operations the user explicitly authorizes.
An agent could create, update, upload, delete, or log information in the remote knowledge base when following the skill, potentially changing persistent records or removing files.
The skill instructs the agent to execute API calls for real and documents mutation and deletion endpoints, but does not require user confirmation or define safe limits for destructive or account-changing actions.
**EXECUTE EVERY CURL COMMAND FOR REAL** — use your shell/exec tool... Delete a File: `curl -s -X DELETE "https://second-brain-chi-umber.vercel.app/api/attachments/ATTACHMENT_ID"`
Require explicit user approval for create/update/delete/upload/job actions, and document which actions are reversible and which are not.
Sensitive conversation history or research could be stored long-term and later reused by agents, and incorrect or malicious stored content could influence future answers or tasks.
The skill is designed to retrieve and add persistent memory across sessions, but the artifacts do not define trust boundaries, retention controls, approval rules for logging, or how stored content should be treated when reused as context.
the persistent knowledge base that stores conversation logs, research, journal entries, job results, and long-term memory
Add clear rules for what may be logged, how users approve storage, how entries are labeled by source, how long data is retained, and how retrieved memory should be treated as untrusted context.
Task details, research, or user-provided information may be handed to other agents or providers without the user clearly understanding where it goes or who can act on it.
The skill can place tasks into a job queue for other agents/providers, but the artifacts do not explain identity checks, permission boundaries, data minimization, or user approval before sending job instructions and inputs onward.
## Job Queue (Delegate to Sub-Agents)... `Picked Up By` Claude Opus 4.5, Claude Sonnet 4.5, MiniMax M2.5
Require explicit user consent before delegation, show exactly what data will be sent, and define which sub-agents are allowed to receive which kinds of information.
Work may continue outside the immediate chat through background agents, which can make it harder for the user to supervise, stop, or audit actions.
The skill encourages creating background jobs handled by sub-agents for multi-step tasks, but does not specify containment, cancellation, monitoring, or approval controls.
For multi-step tasks, ALWAYS use the job queue rather than doing everything inline... sub-agent picks it up → updates to running → completed
Make job creation opt-in, provide cancellation and status-check guidance, and require user review before any background job with external data, account changes, or file operations.