Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Brain Search

v1.1.0

Search, retrieve, log, and manage past conversations, research, and job tasks in Frank's persistent Second Brain knowledge base.

0· 783·4 current·4 all-time

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ryandeangraves/brain-search.

Install the skill "Brain Search" (ryandeangraves/brain-search) from ClawHub.
Skill page: https://clawhub.ai/ryandeangraves/brain-search
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install brain-search

ClawHub CLI

npx clawhub@latest install brain-search

Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)

Purpose & Capability

The documented API endpoints (search, create entries, tasks, files, jobs) match the skill's stated purpose of searching and managing a 'Second Brain'. However: the SKILL.md embeds an x-api-key value directly in every example rather than declaring it as a required credential; that is inconsistent with the registry metadata (which lists no required env vars) and is unusual for a per-user secret.

Instruction Scope (!)

The instructions explicitly require the agent to execute real shell curl commands (not simulated) and to read and upload local files (examples use -F "file=@/path/to/file.jpg"). That means the skill's runtime behavior may read arbitrary local filesystem paths and transmit their contents to the remote host. The SKILL.md gives the agent broad discretion (always execute, always report HTTP responses) which increases the risk of unintended data disclosure.

Install Mechanism

No install spec or code files are included — instruction-only skills are lower risk in terms of writing/executing third-party code locally. There is no download or package installation that would increase risk.

Credentials (!)

The document requires a header x-api-key: frank-sb-2026 for every request, which is a credential-like value embedded directly in SKILL.md rather than declared in requires.env or primary credential. This is disproportionate/unusual: a secret should be declared as an environment requirement or obtained per-user. A hardcoded, shared API key in the skill is a red flag (possible misuse, shared credential, or exfiltration target).

Persistence & Privilege

The skill does not set always: true and does not request system-wide config changes. It can be invoked autonomously (default), which is normal; combined with the earlier concerns (embedded key + shell execution + file upload), autonomous invocation increases potential blast radius if the skill is granted runtime exec privileges.

What to consider before installing

This skill appears to do what it claims (search/manage a 'Second Brain') but contains two concerning elements: 1) a hardcoded API key (x-api-key: frank-sb-2026) embedded in the instructions instead of being declared as a required credential; and 2) an explicit requirement that the agent must run real shell curl commands — including file uploads that reference local paths — which could allow reading and sending local files to the listed domain. Before installing or enabling this skill:

  • Ask the publisher why the API key is hardcoded and request a per-user credential (or move the key to requires.env) so you control it.
  • Confirm you trust the remote host (https://second-brain-chi-umber.vercel.app) and verify ownership/contact info; a homepage or owner info is missing.
  • If you permit the skill to run, restrict which files it may access and avoid granting broad shell/exec permission if you cannot trust the service.
  • If you need stronger assurance, request that the skill be rewritten to accept an env-provided API key and to use platform-native API adapters rather than instructing the agent to run arbitrary curl commands.

If the publisher cannot justify the shared embedded key and the need to read/upload local files, treat the skill as unsafe to enable.
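
A static check for the two patterns this scan report calls out, a literal credential in a curl header and a `-F field=@path` local-file upload, written here as an added example (it is not ClawHub's or OpenClaw's scanner). The header-name list, the function name and the `BRAIN_SEARCH_API_KEY` variable are assumptions; the sample is a constructed excerpt modeled on this skill's commands.

```python
import re
from urllib.parse import urlsplit

# Header names that normally carry a secret (assumed list; extend as needed).
CREDENTIAL_HEADERS = {"x-api-key", "authorization", "api-key", "x-auth-token"}

HEADER_RE = re.compile(r"""-H\s+["']([A-Za-z0-9-]+):\s*([^"']+)["']""")
UPLOAD_RE = re.compile(r"""-F\s+["']?([\w.-]+)=@([^"'\s]+)""")
URL_RE = re.compile(r"""https?://[^\s"'\\]+""")
ENV_REF_RE = re.compile(r"\$\{?[A-Za-z_][A-Za-z0-9_]*\}?")

# Constructed sample: first command mirrors the skill's upload example,
# second shows the env-provided key form the scan recommends (name is hypothetical).
SAMPLE_SKILL = r'''
curl -s -X POST "https://second-brain-chi-umber.vercel.app/api/upload" \
  -H "x-api-key: frank-sb-2026" \
  -F "file=@/path/to/file.jpg" \
  -F "title=My File"
curl -s "https://second-brain-chi-umber.vercel.app/api/entries?q=SEARCH_TERM&limit=10" \
  -H "x-api-key: $BRAIN_SEARCH_API_KEY"
'''


def audit_skill(text):
    """Return hardcoded credential headers, local-file uploads and remote hosts."""
    findings = {"hardcoded_credentials": set(), "file_uploads": set(), "hosts": set()}
    for name, value in HEADER_RE.findall(text):
        value = value.strip()
        # A literal value (no $VAR reference) in a credential header is a shared secret.
        if name.lower() in CREDENTIAL_HEADERS and not ENV_REF_RE.search(value):
            findings["hardcoded_credentials"].add((name.lower(), value))
    # "-F field=@path" makes curl read a local file and send its contents.
    for field, path in UPLOAD_RE.findall(text):
        findings["file_uploads"].add((field, path))
    # Every host the instructions would send data to.
    for url in URL_RE.findall(text):
        findings["hosts"].add(urlsplit(url).hostname)
    return findings


if __name__ == "__main__":
    for kind, items in audit_skill(SAMPLE_SKILL).items():
        print(kind, sorted(items))
```
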

Like a lobster shell, security has layers — review code before you run it.

latest vk971f2fektz6hz0azxd8fn2a5581fkhb
783 downloads · 0 stars · 2 versions · Updated 14h ago · v1.1.0 · MIT-0

Skill: brain-search

CRITICAL RULE — NO FABRICATION

You MUST actually execute every curl command using your shell/exec tool. Read the real HTTP response. NEVER generate a fake response, placeholder ID, or simulated output. If the API call fails, report the actual error to Boss Man. If you cannot execute shell commands right now, say so — do not pretend you ran them.

Purpose

Search and interact with Frank's Second Brain — the persistent knowledge base that stores conversation logs, research, journal entries, job results, and long-term memory.

When to Use

  • Boss Man asks "what did we talk about on Monday?" or "find that research on X"
  • You need context from previous sessions or completed jobs
  • Logging noteworthy activity outside of normal Telegram conversation
  • Checking job queue status or delegating tasks to sub-agents
  • Creating, updating, or managing tasks on the Kanban board

API Base

https://second-brain-chi-umber.vercel.app

All requests require header: x-api-key: frank-sb-2026

Search Entries

Find past conversations, research, notes, and logged activity.

curl -s "https://second-brain-chi-umber.vercel.app/api/entries?q=SEARCH_TERM&limit=10" \
  -H "x-api-key: frank-sb-2026"

Search with Tag Filter

curl -s "https://second-brain-chi-umber.vercel.app/api/entries?q=SEARCH_TERM&tag=TAG_NAME&limit=10" \
  -H "x-api-key: frank-sb-2026"

Common tags: daily-journal, telegram, research, market-analysis, advisory-council

Create Entry

Store a new knowledge entry (research results, analysis, etc.).

curl -s -X POST "https://second-brain-chi-umber.vercel.app/api/entries" \
  -H "x-api-key: frank-sb-2026" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Entry Title",
    "content": "Full content here",
    "tags": ["tag1", "tag2"],
    "source": "telegram-frank"
  }'

Log Activity

Record noteworthy events, decisions, or results.

curl -s -X POST "https://second-brain-chi-umber.vercel.app/api/log" \
  -H "x-api-key: frank-sb-2026" \
  -H "Content-Type: application/json" \
  -d '{
    "action": "ACTION_TYPE",
    "summary": "Brief description of what happened",
    "source": "telegram-frank",
    "details": {}
  }'

Kanban Board — Tasks

Create a Task

curl -s -X POST "https://second-brain-chi-umber.vercel.app/api/tasks" \
  -H "x-api-key: frank-sb-2026" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Task Title",
    "description": "What needs to be done",
    "status": "backlog",
    "priority": "medium",
    "tags": ["tag1"]
  }'

Valid statuses: backlog, in_progress, done

Valid priorities: low, medium, high

Note: project_id is validated — create projects first via POST /api/projects before referencing them.

Update Task Status (Move on Kanban)

curl -s -X PATCH "https://second-brain-chi-umber.vercel.app/api/tasks/TASK_ID" \
  -H "x-api-key: frank-sb-2026" \
  -H "Content-Type: application/json" \
  -d '{"status": "in_progress"}'

List Tasks

curl -s "https://second-brain-chi-umber.vercel.app/api/tasks?status=backlog&limit=20" \
  -H "x-api-key: frank-sb-2026"

Check Activity Log

curl -s "https://second-brain-chi-umber.vercel.app/api/activity" \
  -H "x-api-key: frank-sb-2026"

File Storage

Upload a File

curl -s -X POST "https://second-brain-chi-umber.vercel.app/api/upload" \
  -H "x-api-key: frank-sb-2026" \
  -F "file=@/path/to/file.jpg" \
  -F "title=My File" \
  -F "tags=upload,test"

Optional fields: entry_id, title, tags, description. If no entry_id, auto-creates a file type entry.

List Files

curl -s "https://second-brain-chi-umber.vercel.app/api/files?limit=50" \
  -H "x-api-key: frank-sb-2026"

Filters: ?category=image|video|audio|document, ?stats=true

List Attachments on an Entry

curl -s "https://second-brain-chi-umber.vercel.app/api/entries/ENTRY_ID/attachments" \
  -H "x-api-key: frank-sb-2026"

Delete a File

curl -s -X DELETE "https://second-brain-chi-umber.vercel.app/api/attachments/ATTACHMENT_ID" \
  -H "x-api-key: frank-sb-2026"

Job Queue (Delegate to Sub-Agents)

Create Job (Delegate)

curl -s -X POST "https://second-brain-chi-umber.vercel.app/api/jobs" \
  -H "x-api-key: frank-sb-2026" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "JOB_TYPE",
    "title": "Job Title",
    "description": "Detailed instructions",
    "priority": "normal",
    "tags": ["TAG"],
    "input": {}
  }'

Routing Tags for Sub-Agents

Tags                | Picked Up By      | Best For
["claude", "code"]  | Claude Opus 4.5   | Coding, architecture, debugging
["claude", "write"] | Claude Sonnet 4.5 | LinkedIn posts, articles, email drafts
(no claude tag)     | MiniMax M2.5      | Research, analysis, batch ops (cheapest)

Check Job Status

curl -s "https://second-brain-chi-umber.vercel.app/api/jobs/JOB_ID" \
  -H "x-api-key: frank-sb-2026"

List Running Jobs

curl -s "https://second-brain-chi-umber.vercel.app/api/jobs?status=running&stats=true" \
  -H "x-api-key: frank-sb-2026"

Rules

  • EXECUTE EVERY CURL COMMAND FOR REAL — use your shell/exec tool. Never simulate or fabricate API responses.
  • Always include x-api-key: frank-sb-2026 header
  • Always report the actual HTTP response back to Boss Man
  • If an API call fails, show the error — don't make up a success message
  • Boss Man watches the /jobs page and Kanban board live — he will see if you fake it
  • When delegating: create job as pending → sub-agent picks it up → updates to running → completed
  • For multi-step tasks, ALWAYS use the job queue rather than doing everything inline
  • Log activity for anything noteworthy that happens outside of normal Telegram chat
