Claw Brain - Personal AI Memory System for OpenClaw/ClawDBot. Provides memory, personality, bonding, and learning capabilities with encrypted secrets support. Auto-refreshes on service restart.
Security Analysis
medium confidenceClaw Brain's requested permissions and instructions are consistent with a local personal-memory agent (hooks, local key, optional DB/redis), but there are a few minor documentation/metadata inconsistencies and some operational risks you should review before installing.
The skill's name and description (personal memory, encrypted secrets, startup hooks) align with the declared actions: filesystem read/write in the user's home, generating/storing a Fernet key, installing hooks, optional PostgreSQL/Redis. Requested dependencies (cryptography, psycopg2, redis) are reasonable for this feature set.
SKILL.md instructs the agent/user to run `pip install clawbrain[all]` and `clawbrain setup`, install hooks to ~/.openclaw/hooks or ~/.clawdbot/hooks, and manage an encryption key. These instructions are within the scope of a memory system. Items to watch: the CLI exposes `show-key --full` and `backup-key` (sensitive operations) and the hooks log startup context — both are expected but could leak secrets if misused or if logs are visible to other users. SKILL.md and SECURITY.md use language like "No code execution" which is ambiguous — they likely mean "no remote code downloads/execution after install," but the installed hook code will execute locally on events; review hook code before install as recommended.
Installation is via PyPI (`pip install clawbrain[all]`) or clone-and-pip-install from GitHub. Those are standard, traceable mechanisms. There is no evidence of arbitrary URL downloads or extracted archives in the provided files. The skill appropriately recommends installing from source if you want to audit the hook code.
No required environment variables are declared; all referenced env vars are optional and relevant (agent id, encryption key override, optional Postgres/Redis connection and password). Requesting a DB password and an encryption key is proportionate to a memory/encryption feature. The CLI commands that expose the full key are expected for backup but are high-risk operations and are documented as such.
The skill does not request always: true and is user-invocable only. It installs per-user hooks in home directories and stores keys under ~/.config/clawbrain — this is a standard, limited persistence model. The documentation explicitly states systemd/system-wide changes are optional and require sudo.
Guidance
Claw Brain appears to do what it says (local memory with encrypted secrets and startup hooks), but take these precautions before installing: 1) Verify the upstream project: check the GitHub URL and PyPI package match and review recent commits and release history. 2) Review the hook code (hooks/clawbrain-startup/handler.js) before installing to ensure it only calls the local Brain API and doesn't transmit data. 3) Treat the encryption key like a password: back it up offline, set file permissions (chmod 600 ~/.config/clawbrain/.brain_key), and avoid running `show-key --full` unless necessary. 4) If you enable Postgres/Redis, restrict network access (localhost, TLS) and avoid putting DB credentials in world-readable files. 5) Test in an isolated environment first (dedicated user or VM) to confirm behavior and logging; confirm that startup logs do not leak sensitive data. 6) Note minor metadata inconsistencies in the provided packaging/registry summary (some top-level registry fields said no install/homepage but skill.json references PyPI/GitHub) — verify the authoritative package sources before proceeding.
Latest Release
v0.1.14
- Added skill.json to the project. - Updated SKILL.md to provide detailed guidance for security scanners, clarifying environment variable use and install requirements. - Security and installation documentation in SKILL.md now references skill.json for environment variable declarations. - No core logic or feature changes to the skill functionality.
More by @clawcolab
Published by @clawcolab on ClawHub
