Safety Report

BrainRepo

Name: BrainRepo
Rating: 5 (2 reviews)
Author: codezz

Your personal knowledge repository — capture, organize, and retrieve everything using PARA + Zettelkasten. Triggers on: "save this", "remember", "note", "capture", "brain dump", daily/weekly reviews, searching stored knowledge, managing projects/areas/people. Works with any AI agent that reads markdown. Stores everything as .md files in a Git repo for Obsidian, VS Code, or any editor.

1,859Downloads

6Installs

2Stars

1Versions

Workflow Automation3,323 Search & Retrieval2,116 File Management2,100 E-Commerce1,690

Security Analysis

medium confidence

Clean

The skill generally matches a local markdown-backed knowledge repository, but it auto-creates and manages a fixed folder in your home directory and runs git workflows (commit/push) without a configurable path or explicit per-install consent — this design decision is risky and should be reviewed before installing.

Mar 7, 20268 files3 concerns

Purpose & Capabilityok

Name/description match behavior: captures, organizes, and retrieves notes as .md files in a git-backed repository. No unrelated binaries, env vars, or external endpoints are requested.

Instruction Scopeconcern

SKILL.md instructs the agent to check for and, if missing, automatically create ~/Documents/brainrepo/ (non-configurable), populate templates, initialize git, and run commits/pushes as part of workflows — which can overwrite or create files in the user's home without explicit, per-run confirmation.

Install Mechanismok

Instruction-only skill with no install spec or downloads; lowest install risk because nothing is written by an installer. All behavior is via runtime file operations.

Credentialsnote

No env vars or external credentials are requested, which is appropriate. However, the skill relies on git commands (commit/push) that may use the user's git credentials/config or attempt network pushes to configured remotes — this is proportional to a git-backed repo but has privacy/exfiltration implications if remotes are present.

Persistence & Privilegenote

Does not request always:true and is user-invocable. It does write persistent files under a fixed path and performs git operations; autonomous invocation combined with automatic onboarding could let the agent create/modify files without explicit user approval each time.

Guidance

What to consider before installing: 1) Backup or inspect ~/Documents/brainrepo/ if it already exists — the skill uses that exact, non-configurable path and may create/overwrite files. 2) Prefer running onboarding manually the first time rather than letting the agent auto-run it, so you can review created files and templates. 3) Check your git remotes and credentials: daily/weekly workflows call git commit and git push which could transmit repository contents to configured remotes. If you keep sensitive data, remove or avoid pushing it. 4) If you want less risk, request a configurable path or run the skill in a sandbox folder you control. 5) Consider limiting autonomous invocation or monitoring the agent's first runs to confirm behavior matches expectations.

Latest Release

v1.0.0

Initial release: Second Brain skill(PARA + Zettelkasten)

Popular Skills

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Proactive Agent

@halthelobster · 426 stars

Summarize

@summarize · 415 stars

Published by @codezz on ClawHub