← 返回 Skills 市场
Nate Jones Second Brain
作者
Limited Edition Jonathan
· GitHub ↗
· v1.0.2
807
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install nate-jones-second-brain
功能描述
Set up and operate a personal knowledge system using Supabase (pgvector) and OpenRouter. Five structured tables — thoughts (inbox log), people, projects, ide...
安全使用建议
This skill appears to be what it says, but take these precautions before installing:
- Treat the Supabase service_role key as highly sensitive. Prefer not to expose it directly to client/agent runtimes. Instead host a small server-side proxy or function that holds the service_role key and exposes only the minimal endpoints the agent needs (or use anon key + strict RLS if feasible).
- Use a dedicated Supabase project for this skill (do not put production or sensitive databases behind the same key). Rotate/revoke the service_role key after testing.
- Remember captured text is sent to OpenRouter. Avoid sending sensitive PII, secrets, or confidential content unless you accept the third-party handling.
- Test the full pipeline with non-sensitive test data first and verify RLS and access patterns in Supabase. Confirm OpenRouter model/data retention/privacy settings match your requirements.
- If you cannot run a server-side proxy, at minimum limit the agent’s environment access, lock down storage of keys (avoid committing to repos), and consider short-lived keys/automated rotation. If any of the above concerns are unacceptable to you, do not install or run this skill.
功能分析
Type: OpenClaw Skill
Name: nate-jones-second-brain
Version: 1.0.2
The skill is classified as suspicious due to its reliance on the `SUPABASE_SERVICE_ROLE_KEY`, which grants full, unrestricted access to the user's entire Supabase database, bypassing Row Level Security. While the documentation (SKILL.md, references/setup.md, references/schema.md) transparently explains this design choice for a 'single-user personal knowledge base' where the agent is a 'trusted server-side component', and configures RLS to *only* allow this role, it represents a significant privilege escalation. A compromise of the agent or the environment variables would lead to complete data exposure or manipulation. Additionally, all captured user thoughts are sent to OpenRouter for processing, which is a privacy consideration, though also transparently documented. There is no evidence of intentional malicious behavior, unauthorized data exfiltration to unknown endpoints, or prompt injection designed to subvert the agent for harmful purposes.
能力评估
Purpose & Capability
The name/description (Supabase + pgvector + OpenRouter) matches the declared requirements and instructions. SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY and OPENROUTER_API_KEY are exactly what the documented pipeline needs (REST calls to Supabase and API calls to OpenRouter). No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md and reference docs contain explicit runtime instructions (curl commands) to: create embeddings and call the LLM at openrouter.ai, insert rows into Supabase, run upserts/patches, and update audit rows. The instructions do not attempt to read other files or unrelated env vars, but they do send user-captured text to OpenRouter (external). The docs warn about this, but it remains a privacy/data-exfiltration consideration.
Install Mechanism
Instruction-only skill with no install spec and no code files. Lowest install risk — nothing is written to disk by the skill package itself.
Credentials
Only three env vars are required and they are relevant, but SUPABASE_SERVICE_ROLE_KEY is a full privileged key (can bypass Row Level Security and access/modify all database data). The README justifies its use for a single-user server-side flow, but exposing that key to an agent runtime or storing it in an agent config increases blast radius if the agent or environment is compromised. OPENROUTER_API_KEY sends data to a third party; the docs note this but users must accept that captured content will leave their environment.
Persistence & Privilege
The skill does not request permanent platform-wide inclusion (always:false) and does not modify other skills or system settings. Autonomous invocation is enabled (default) which is expected for skills; combined with a privileged service_role key it increases potential impact, but autonomy alone is not unusual.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nate-jones-second-brain - 安装完成后,直接呼叫该 Skill 的名称或使用
/nate-jones-second-brain触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
**Major update: Structured multi-table knowledge system and AI-powered routing.**
- Adds four new structured tables (`people`, `projects`, `ideas`, `admin`) alongside `thoughts`, supporting relationship, work, and task management.
- Implements an AI-driven ingest pipeline: thoughts are embedded, classified with confidence scoring, and routed to a destination table or held in the inbox if confidence is low.
- Documents foundational concepts: drop box (inbox), sorter (AI routing), bouncer (confidence threshold), and audit trail for traceability.
- Provides cross-table semantic search via a new `search_all` endpoint, as well as per-table semantic search.
- Updates references and documentation to detail new schemas, routing rules, and operational building blocks.
- Adds conceptual documentation with a new `concepts.md` reference.
v1.0.1
Added security considerations (service_role key rationale, data handling notes). Expanded description with full pipeline details. Updated guide with editorial framework.
v1.0.0
Initial release of nate-jones-second-brain.
- Provides an opinionated foundation for a personal knowledge database using Supabase (pgvector) for storage and OpenRouter for AI tasks.
- Supports capturing thoughts, semantic search, metadata extraction, and embedding generation.
- Includes detailed instructions and example API requests for embedding, storing, searching, and listing thoughts.
- Defines a standard metadata schema for all captured thoughts.
- Requires environment variables: SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY, and OPENROUTER_API_KEY.
- Includes references for setup, database schema, ingestion, retrieval, and OpenRouter integration.
元数据
常见问题
Nate Jones Second Brain 是什么?
Set up and operate a personal knowledge system using Supabase (pgvector) and OpenRouter. Five structured tables — thoughts (inbox log), people, projects, ide... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 807 次。
如何安装 Nate Jones Second Brain?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nate-jones-second-brain」即可一键安装,无需额外配置。
Nate Jones Second Brain 是免费的吗?
是的,Nate Jones Second Brain 完全免费(开源免费),可自由下载、安装和使用。
Nate Jones Second Brain 支持哪些平台?
Nate Jones Second Brain 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Nate Jones Second Brain?
由 Limited Edition Jonathan(@justfinethanku)开发并维护,当前版本 v1.0.2。
推荐 Skills