ZettaBrain RAG
PassAudited by ClawScan on May 12, 2026.
Overview
The skill is coherent for a local private-document RAG tool, with notable but disclosed risks around installing external code, indexing private documents, running a background service, and deleting its own vector index.
This skill does not show artifact-backed malicious behavior, but install it only if you are comfortable running external installer/package code, granting sudo for setup on systems that need it, indexing the selected document folder into a persistent local vector database, and managing the auto-start service. Keep Ollama local unless you intentionally want document queries sent to a remote host.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill can run code from external package/script sources on the user's machine, sometimes with administrator privileges.
The skill directs users to install and run external package or installer code, including privileged shell execution on Linux. The documentation tells users to review the source first, so this is disclosed setup risk rather than hidden behavior.
pipx install zettabrain-rag sudo zettabrain-setup ... curl -fsSL https://zettabrain.app/install.sh | sudo bash ... irm https://zettabrain.app/install.ps1 | iex
Prefer the pipx installation path when possible, inspect installer scripts before running one-line commands, and only install from sources you trust.
A privileged setup step can modify system-level service configuration and install components outside the user's normal home directory.
The artifact requests administrator privileges for setup and service registration. That authority is proportionate to installing system services, but users should notice the elevated privilege boundary.
sudo zettabrain-setup ... The Linux installer requires `sudo` to install Ollama system-wide and register a systemd service.
Run privileged setup only after reviewing the package/installer source and understanding the system service it creates.
Private document contents may influence future answers through the persistent local vector store until the index is deleted or rebuilt.
The skill persists embeddings and ingestion state derived from private documents. This is central to RAG and the storage path is disclosed, but it means selected documents become part of a reusable local retrieval index.
The vector index (document embeddings) is stored **only on your local machine**: ... Vector database | `/opt/zettabrain/src/zettabrain_vectorstore/` ... **Exclude files or folders** by not including them in `ZETTABRAIN_DOCS` — only files under that path are indexed.
Point ZETTABRAIN_DOCS only at folders you intend to index, avoid mixing unrelated sensitive files, and use the documented deletion or rebuild steps when needed.
If configured to use a remote Ollama server, document-related prompts or query context may leave the local machine.
The artifact clearly warns that changing the Ollama endpoint to a remote host changes the data boundary for document queries.
OLLAMA_HOST ... Default: http://localhost:11434 (local). WARNING: setting this to a remote host sends document queries off-machine.
Keep OLLAMA_HOST pointed at localhost unless you intentionally trust and control the remote endpoint.
The web GUI service may continue running after setup and restart automatically on boot until disabled or removed.
The skill creates persistence via a boot-starting service. The behavior is disclosed and service management/removal commands are provided.
Register ZettaBrain as a background service ... ZettaBrain registers a background service so the web GUI auto-starts on boot.
Disable or remove the service if you only want to run ZettaBrain manually.
Running these commands will permanently remove the local vector index and ingestion log, requiring re-ingestion to restore them.
The documentation includes destructive deletion commands. They are scoped to the skill's own vector index and ingestion log and appear under a user-directed deletion section.
rm -rf /opt/zettabrain/src/zettabrain_vectorstore rm -f /opt/zettabrain/src/ingested_files.json
Use the deletion commands only when you intentionally want to reset or remove the indexed document data.