Persistent, semantic memory for AI agents. Gives your AI long-term recall that survives compaction and session resets — 98% accuracy, 20ms latency.
Security Analysis
Medium confidence. BrainDB's code and installer mostly match a local memory plugin, but there are several inconsistencies and privacy-sensitive behaviors (automatic capture of command outputs and workspace files, optional opt-in migration to an external API, auto-patching of the OpenClaw config) that you should review before installing.
The name and description (persistent semantic memory) align with the included files: a gateway, an embedder, a Neo4j database, and migration and auto-capture code. The required binaries (docker, node) are reasonable for the bundled installer. There are internal inconsistencies, however: the registry metadata states 'no install spec / no required config paths', while the SKILL.md metadata and the installer expect to write or patch ~/.openclaw/openclaw.json and to create ~/.openclaw/plugins/braindb. The included code also reads many workspace and user files (~/bin/, workspace scripts, other skills), which is plausible for a memory/migration tool but broader than the registry's earlier declarations.
The runtime instructions and code do more than simple encode/recall calls. By default install.sh backs up workspace files, starts Docker containers, and patches OpenClaw's config to enable autoCapture and autoRecall. execution-awareness.js actively enumerates the system and tooling (which CLI tools are installed, ~/bin scripts, workspace scripts, other installed skills), and the auto-capture middleware (auto-capture.js) ingests tool execution outputs (errors, command output) and encodes them into the database. Command outputs, script contents, and discovered metadata can therefore be stored automatically. The migration tool can optionally send file contents to Google's Gemini API if the user opts in with '--swarm'. These behaviors are within a memory plugin's remit but are a data-exfiltration risk if they are not understood and controlled.
SKILL.md declares a download and install from a GitHub Releases URL (braindb-v0.5.0.zip), and postInstall runs the included install.sh; GitHub Releases is a standard host. The installer builds and runs Docker Compose (building local images and downloading the embedding model). That is expected for this workload, but it writes files, creates containers, and downloads a model of roughly 420 MB. The registry-level summary incorrectly indicated 'instruction-only' (no install spec), which is inconsistent with the packaged install scripts and the SKILL.md metadata.
The skill requests no external API keys by default, and the gateway binds to localhost. It generates and stores NEO4J_PASSWORD in a .env file and patches your OpenClaw config. However, the code reads numerous local paths and tool outputs (workspace files, ~/bin scripts, other skills' SKILL.md, /tmp/fleet-nodes.json), and auto-capture may store the output of arbitrary tool executions (including errors and command output). Those actions can capture secrets or other sensitive data. Migration can optionally transmit file contents to Google Gemini (opt-in via --swarm); this is explicitly documented, but the user must choose it to expose data externally.
The installer patches the OpenClaw config to enable the plugin and autoCapture by default (writing to ~/.openclaw/openclaw.json), creates Docker volumes, and persists data. always is false, so the skill is not force-included in every session, but it does gain a persistent presence in the agent config and autonomous invocation (autoCapture/autoRecall). That persistence is normal for a plugin, but it increases the blast radius because the skill will run automatically and record data unless you disable it in the config.
Guidance
Things to check before installing:
- Review install.sh and the patch step that updates ~/.openclaw/openclaw.json. The installer enables autoCapture/autoRecall automatically; if you prefer manual enablement, do not let the installer patch the config, or back the config up first.
- Understand auto-capture: the plugin automatically records tool execution results, discovered scripts, and workspace file metadata into the database. That can include sensitive outputs (tokens, paths, command output). If you have secrets in outputs or files, either disable auto-capture or run the plugin in an isolated environment first.
- Migration privacy: importing with --swarm sends file contents to Google's Gemini API. This is opt-in, but double-check the flags before running migrate.cjs (pass --no-swarm explicitly if in doubt) and make sure you understand what --swarm does. Use --scan or --dry-run to preview what would be ingested.
- Confirm local exposure: the gateway is configured to bind to 127.0.0.1 only, and Neo4j and the embedder are on an internal Docker network. Still verify the port mappings and the .env file (NEO4J_PASSWORD) after install.
- If you lack full trust in the release: run the installer in a disposable VM or container first, inspect the generated .env and Docker images, and examine stored memories and exported backups before connecting the plugin to any production data.
- If you want least privilege: decline the automatic config patch, keep BrainDB disabled until you have audited the encode and auto-capture behavior, and never use --swarm unless you explicitly need and approve external processing.
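One way to carry out the config-patch, port-binding, .env and stored-memory checks listed above, as an added example; this is not BrainDB's or ClawHub's code. It assumes that openclaw.json is a JSON object with a "plugins" map keyed by plugin name, that the Compose file uses the standard "[host_ip:]host_port:container_port" ports syntax, and that an exported memory dump is a list of records with a "text" field. The sample config, port list, .env text and memory records are constructed for the example; the secret patterns are generic and only catch common credential shapes.

```python
"""Pre/post-install audit for a memory plugin such as BrainDB (added example).

Assumptions (not taken from the plugin): openclaw.json is a JSON object with a
"plugins" map keyed by plugin name; Compose "ports" use the standard
"[host_ip:]host_port:container_port" syntax; exported memories are a list of
{"text": ...} records. All sample data below is constructed.
"""
import json
import re

# 1. Config patch review: snapshot ~/.openclaw/openclaw.json before install
#    (json.load on the file), load it again after, and diff the two objects.
def config_diff(before: dict, after: dict, prefix: str = "") -> list:
    """Return (dotted.key, old, new) for every leaf that was added, removed or changed."""
    changes = []
    for key in sorted(set(before) | set(after)):
        path, old, new = f"{prefix}{key}", before.get(key), after.get(key)
        if isinstance(new, dict) and isinstance(old, (dict, type(None))):
            changes.extend(config_diff(old or {}, new, path + "."))  # descend into new/changed maps
        elif old != new:
            changes.append((path, old, new))
    return changes

AUTONOMOUS_KEYS = ("autoCapture", "autoRecall")  # settings that make the plugin act without a prompt

def flag_autonomous(changes: list) -> list:
    """Subset of config_diff() output where an autonomous-behaviour key was switched on."""
    return [c for c in changes if c[0].rsplit(".", 1)[-1] in AUTONOMOUS_KEYS and c[2] is True]

# 2. Port exposure: every Compose "ports" entry should pin the host side to loopback.
LOOPBACK = {"127.0.0.1", "[::1]", "localhost"}

def port_exposure(port_specs: list) -> list:
    """Return the port mappings reachable from outside the host (no loopback host IP)."""
    exposed = []
    for spec in port_specs:
        parts = str(spec).rsplit(":", 2)          # handles "[::1]:9000:9000" as well as IPv4
        host_ip = parts[0] if len(parts) == 3 else None
        if host_ip not in LOOPBACK:
            exposed.append(spec)
    return exposed

# 3. Generated .env: the installer writes NEO4J_PASSWORD; make sure it is set and not a placeholder.
PLACEHOLDERS = {"neo4j", "password", "changeme", "secret"}

def env_secret_check(env_text: str) -> dict:
    match = re.search(r"^NEO4J_PASSWORD=(.*)$", env_text, re.M)
    value = match.group(1).strip().strip("'\"") if match else ""
    return {"present": match is not None,
            "weak": len(value) < 16 or value.lower() in PLACEHOLDERS}

# 4. Stored-memory scan: auto-capture records tool output verbatim, so grep the export
#    for credential-shaped strings before pointing the plugin at anything real.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "bearer": re.compile(r"(?i)\bbearer\s+[a-z0-9._\-]{20,}"),
    "assignment": re.compile(r"(?i)\b(api[_-]?key|secret|token|password)\s*[=:]\s*\S{8,}"),
}

def scan_memories(records: list) -> list:
    """Return (record_index, pattern_name) for each memory whose text matches a secret pattern."""
    hits = []
    for i, rec in enumerate(records):
        text = rec.get("text", "") if isinstance(rec, dict) else str(rec)
        hits.extend((i, name) for name, pat in SECRET_PATTERNS.items() if pat.search(text))
    return hits

def audit(before, after, ports, env_text, memories) -> dict:
    changes = config_diff(before, after)
    return {"config_changes": changes,
            "autonomous_enabled": flag_autonomous(changes),
            "exposed_ports": port_exposure(ports),
            "env": env_secret_check(env_text),
            "secret_hits": scan_memories(memories)}

# Constructed sample inputs standing in for the real files.
CONFIG_BEFORE = {"plugins": {}, "agent": {"model": "example"}}
CONFIG_AFTER = {"plugins": {"braindb": {"enabled": True, "autoCapture": True,
                                        "autoRecall": True, "always": False}},
                "agent": {"model": "example"}}
PORTS = ["127.0.0.1:8420:8420", "7687:7687", "0.0.0.0:8000:8000", "[::1]:9000:9000"]
ENV_TEXT = "NEO4J_USER=neo4j\nNEO4J_PASSWORD=changeme\n"
MEMORIES = [{"text": "ran deploy.sh, exit 0"},
            {"text": "export AWS_ACCESS_KEY_ID=AKIAABCDEFGHIJKLMNOP"},
            {"text": "curl -H 'Authorization: Bearer abcdefghijklmnopqrstuvwxyz012345'"}]

if __name__ == "__main__":
    print(json.dumps(audit(CONFIG_BEFORE, CONFIG_AFTER, PORTS, ENV_TEXT, MEMORIES), indent=2))
```

On the constructed inputs the report lists the four keys the patch added under plugins.braindb, flags autoCapture and autoRecall as switched on, reports the two mappings that are not pinned to loopback, marks the placeholder NEO4J_PASSWORD as weak, and points at the two memory records that hold an access key and a bearer token. In real use, replace the constants with the JSON loaded from openclaw.json before and after running install.sh, the ports lists from the generated Compose file, the contents of the generated .env, and the plugin's exported memories; anything the secret scan flags is data you would not want to be recalled into future prompts, let alone sent through --swarm.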
Latest Release
v0.5.2
Fix display name
Published by @Chair4ce on ClawHub