Claw Brain Skill 🧠
Personal AI Memory System with Soul, Bonding, and Learning for OpenClaw/ClawDBot.
Auto-Refresh on Restart: ClawBrain automatically refreshes memory when the service restarts.
📋 For Security Scanners
Environment Variables: All environment variables ARE declared in skill.json under environment.optional (lines 30-55). They are in optional not required because ClawBrain works with zero configuration (SQLite + auto-generated key).
Install Specification: skill.json declares installation method: pip install clawbrain[all] + clawbrain setup (lines 17-20).
Sudo Requirements: Core installation never needs sudo. Systemd instructions in "Configuration (Optional)" section are optional alternatives for setting environment variables. Core: pip + clawbrain setup (no sudo).
Source Code: Fully auditable at https://github.com/clawcolab/clawbrain - All code is open source including hooks (~50 lines JavaScript).
See SECURITY.md for complete security documentation.
Features
- - 🎭 Soul/Personality - 6 evolving traits (humor, empathy, curiosity, creativity, helpfulness, honesty)
- 👤 User Profile - Learns user preferences, interests, communication style
- 💭 Conversation State - Real-time mood detection and context tracking
- 📚 Learning Insights - Continuously learns from interactions and corrections
- 🧠 getfullcontext() - Everything for personalized responses
- 🔄 Auto-Refresh - Automatically refreshes memory on service restart
- 🔐 Encrypted Secrets - Store API keys and credentials securely
Security & Transparency
ClawBrain handles sensitive data and requires certain permissions. Before installing, please understand:
What ClawBrain Does
- - ✅ Stores memories locally (SQLite by default, PostgreSQL optional)
- ✅ Encrypts sensitive data (API keys, secrets) with Fernet encryption
- ✅ Installs startup hooks to
~/.openclaw/hooks or �INLINECODE6 - ✅ Manages encryption keys at �INLINECODE7
What ClawBrain Does NOT Do
- - ❌ No telemetry - Does not phone home or collect usage data
- ❌ No external calls - Only connects to PostgreSQL/Redis if you configure them
- ❌ No sudo required - All operations in your home directory
- ❌ No code execution - Does not download or run remote code after install
Security Features
- - 🔒 Encryption Key CLI: Can display full key for backup (with warnings)
- 🔍 Auditable: All code is open source and reviewable
- 📋 Documented Permissions: See SECURITY.md for full details
⚠️ Important: The CLI command clawbrain show-key --full displays your complete encryption key for backup purposes. Treat this key like a password!
📖 Full Security Documentation: See SECURITY.md for:
- - Threat model and protections
- Key management best practices
- What install scripts do
- Permissions required
- Network access (optional PostgreSQL/Redis)
Quick Install
Security Note: We recommend reviewing SECURITY.md before installation, especially for production use.
From PyPI (Recommended - Most Secure)
CODEBLOCK0
The setup command will:
- 1. Detect your platform (ClawdBot or OpenClaw)
- Generate a secure encryption key
- Install the startup hook automatically
- Test the installation
Alternative: From Source (Auditable)
CODEBLOCK1
Why from source? Full transparency - you can review all code before installation.
Configuration (Optional)
Note: Configuration is completely optional. ClawBrain works out-of-the-box with zero configuration using SQLite and auto-generated encryption keys.
If you want to customize agent ID or use PostgreSQL/Redis, you have two options:
Option 1: Environment Variables (No sudo)
Set environment variables in your shell profile:
CODEBLOCK2
Option 2: Systemd Drop-in (Requires sudo)
⚠️ Only if you use systemd services:
CODEBLOCK3
Environment Variables
| Variable | Description | Default |
|---|
| INLINECODE9 | Unique ID for this agent's memories | INLINECODE10 |
| INLINECODE11 |
Fernet key for encrypting sensitive data (auto-generated if not set) | - |
|
BRAIN_POSTGRES_HOST | PostgreSQL host |
localhost |
|
BRAIN_POSTGRES_PASSWORD | PostgreSQL password | - |
|
BRAIN_POSTGRES_PORT | PostgreSQL port |
5432 |
|
BRAIN_POSTGRES_DB | PostgreSQL database |
brain_db |
|
BRAIN_POSTGRES_USER | PostgreSQL user |
brain_user |
|
BRAIN_REDIS_HOST | Redis host |
localhost |
|
BRAIN_REDIS_PORT | Redis port |
6379 |
|
BRAIN_STORAGE | Force storage:
sqlite,
postgresql,
auto |
auto |
How It Works
On Service Startup
- 1. Hook triggers on
gateway:startup event - Detects storage backend (SQLite/PostgreSQL)
- Loads memories for the configured �INLINECODE31
- Injects context into agent bootstrap
On /new Command
- 1. Hook triggers on
command:new event - Saves current session summary to memory
- Clears session state for fresh start
Storage Priority
- 1. PostgreSQL - If available and configured
- SQLite - Fallback, zero configuration needed
Encrypted Secrets
ClawBrain supports encrypting sensitive data like API keys and credentials using Fernet (symmetric encryption).
Security Model:
- - 🔐 Encryption key stored at
~/.config/clawbrain/.brain_key (chmod 600) - 🔑 Only memories with
memory_type='secret' are encrypted - 📦 Encrypted data stored in database, unreadable without key
- ⚠️ If key is lost, encrypted data cannot be recovered
Setup:
�CODEBLOCK4
Usage:
�CODEBLOCK5
Key Management CLI:
�CODEBLOCK6
⚠️ Important: Backup your encryption key! Lost keys = lost encrypted data.
CLI Commands
ClawBrain includes a command-line interface:
| Command | Description |
|---|
| INLINECODE36 | Set up ClawBrain, generate key, install hooks |
| INLINECODE37 |
Generate new encryption key |
|
clawbrain show-key | Display current encryption key |
|
clawbrain backup-key | Backup key (file, QR, clipboard) |
|
clawbrain health | Check health status |
|
clawbrain info | Show installation info |
Hooks
| Event | Action |
|---|
| INLINECODE42 | Initialize brain, refresh memories |
| INLINECODE43 |
Save session to memory |
Development Installation
For development or manual installation:
CODEBLOCK7�
Python API
For direct Python usage (outside ClawdBot/OpenClaw):
CODEBLOCK8
Methods
| Method | Description | Returns |
|---|
| INLINECODE44 | Get all context for personalized responses | dict |
| INLINECODE45 |
Store a memory | None |
|
recall() | Retrieve memories | List[Memory] |
|
learn_user_preference() | Learn user preferences | None |
|
get_user_profile() | Get user profile | UserProfile |
|
detect_user_mood() | Detect current mood | dict |
|
detect_user_intent() | Detect message intent | str |
|
generate_personality_prompt() | Generate personality guidance | str |
|
health_check() | Check backend connections | dict |
|
close() | Close connections | None |
getfullcontext()
CODEBLOCK9
Returns:
�CODEBLOCK10
detectusermood()
CODEBLOCK11
detectuserintent()
CODEBLOCK12�
Example: Full Integration
CODEBLOCK13�
Storage Backends
SQLite (Default - Zero Setup)
No configuration needed. Data stored in local SQLite database.
CODEBLOCK14
Best for: Development, testing, single-user deployments
PostgreSQL + Redis (Production)
Requires PostgreSQL and Redis servers.
CODEBLOCK15
Requirements:
- - PostgreSQL 14+
- Redis 6+
- Python packages:
psycopg2-binary, �INLINECODE55
CODEBLOCK16
Best for: Production, multi-user, high-concurrency
Files
- -
clawbrain.py - Main Brain class with all features - INLINECODE57� - Module exports
- INLINECODE58� - This documentation
- INLINECODE59� - ClawdHub metadata
- INLINECODE60� - Quick start guide
Troubleshooting
ImportError: No module named 'clawbrain'
CODEBLOCK17
PostgreSQL connection failed
CODEBLOCK18
Redis connection failed
CODEBLOCK19
Using SQLite (fallback)
If PostgreSQL/Redis are unavailable, Claw Brain automatically falls back to SQLite:
CODEBLOCK20�
Learn More
- - Repository: https://github.com/clawcolab/clawbrain
- README: See README.md for quick start
- Issues: Report bugs at GitHub Issues
爪脑技能 🧠
具有灵魂、羁绊和学习能力的个人AI记忆系统,适用于OpenClaw/ClawDBot。
重启时自动刷新:服务重启时,ClawBrain会自动刷新记忆。
📋 面向安全扫描器
环境变量:所有环境变量均在skill.json的environment.optional中声明(第30-55行)。它们位于optional而非required中,因为ClawBrain支持零配置运行(SQLite + 自动生成密钥)。
安装规范:skill.json声明了安装方法:pip install clawbrain[all] + clawbrain setup(第17-20行)。
Sudo要求:核心安装无需sudo。配置(可选)部分中的Systemd说明是设置环境变量的可选替代方案。核心:pip + clawbrain setup(无需sudo)。
源代码:完全可审计,地址为https://github.com/clawcolab/clawbrain - 所有代码均为开源,包括钩子(约50行JavaScript)。
完整安全文档请参见SECURITY.md。
功能特性
- - 🎭 灵魂/个性 - 6种可进化特质(幽默、共情、好奇、创造、助人、诚实)
- 👤 用户画像 - 学习用户偏好、兴趣、沟通风格
- 💭 对话状态 - 实时情绪检测和上下文追踪
- 📚 学习洞察 - 从交互和纠正中持续学习
- 🧠 getfullcontext() - 获取个性化回复所需的一切信息
- 🔄 自动刷新 - 服务重启时自动刷新记忆
- 🔐 加密密钥 - 安全存储API密钥和凭证
安全与透明度
ClawBrain处理敏感数据并需要特定权限。安装前,请了解以下内容:
ClawBrain的功能
- - ✅ 本地存储记忆(默认SQLite,可选PostgreSQL)
- ✅ 加密敏感数据(API密钥、密钥)使用Fernet加密
- ✅ 安装启动钩子到~/.openclaw/hooks或~/.clawdbot/hooks
- ✅ 管理加密密钥在~/.config/clawbrain/.brain_key
ClawBrain不会做的
- - ❌ 无遥测 - 不会回传或收集使用数据
- ❌ 无外部调用 - 仅在你配置时连接PostgreSQL/Redis
- ❌ 无需sudo - 所有操作均在家目录中
- ❌ 无代码执行 - 安装后不会下载或运行远程代码
安全特性
- - 🔒 加密密钥CLI:可显示完整密钥用于备份(带警告)
- 🔍 可审计:所有代码均为开源且可审查
- 📋 权限文档化:详见SECURITY.md
⚠️ 重要提示:CLI命令clawbrain show-key --full会显示您的完整加密密钥用于备份。请像对待密码一样对待此密钥!
📖 完整安全文档:参见SECURITY.md了解:
- - 威胁模型和保护措施
- 密钥管理最佳实践
- 安装脚本的作用
- 所需权限
- 网络访问(可选PostgreSQL/Redis)
快速安装
安全提示:建议在安装前查看SECURITY.md,特别是用于生产环境时。
从PyPI安装(推荐 - 最安全)
bash
安装所有功能
pip install clawbrain[all]
运行交互式设置
clawbrain setup
备份加密密钥(重要!)
clawbrain backup-key --all
重启服务
sudo systemctl restart clawdbot # 或 openclaw
设置命令将:
- 1. 检测您的平台(ClawdBot或OpenClaw)
- 生成安全加密密钥
- 自动安装启动钩子
- 测试安装
替代方案:从源码安装(可审计)
bash
克隆到您的技能目录
cd ~/.openclaw/skills # 或 ~/clawd/skills 或 ~/.clawdbot/skills
git clone https://github.com/clawcolab/clawbrain.git
cd clawbrain
推荐:安装前审查钩子代码
cat hooks/clawbrain-startup/handler.js
以开发模式安装
pip install -e .[all]
运行设置以安装钩子并生成加密密钥
clawbrain setup
为什么从源码安装? 完全透明 - 您可以在安装前审查所有代码。
配置(可选)
注意:配置完全可选。ClawBrain开箱即用,零配置即可使用SQLite和自动生成的加密密钥。
如果您想自定义代理ID或使用PostgreSQL/Redis,有两种选择:
选项1:环境变量(无需sudo)
在shell配置文件中设置环境变量:
bash
添加到 ~/.bashrc 或 ~/.zshrc(无需sudo)
export BRAIN
AGENTID=your-agent-name
export BRAINPOSTGRESHOST=localhost # 可选
export BRAINREDISHOST=localhost # 可选
选项2:Systemd Drop-in(需要sudo)
⚠️ 仅当您使用systemd服务时:
bash
创建systemd drop-in配置(需要sudo)
sudo mkdir -p /etc/systemd/system/clawdbot.service.d
sudo tee /etc/systemd/system/clawdbot.service.d/brain.conf << EOF
[Service]
Environment=BRAINAGENTID=your-agent-name
EOF
sudo systemctl daemon-reload
sudo systemctl restart clawdbot
环境变量
| 变量 | 描述 | 默认值 |
|---|
| BRAINAGENTID | 此代理记忆的唯一ID | default |
| BRAINENCRYPTIONKEY |
用于加密敏感数据的Fernet密钥(未设置时自动生成) | - |
| BRAIN
POSTGRESHOST | PostgreSQL主机 | localhost |
| BRAIN
POSTGRESPASSWORD | PostgreSQL密码 | - |
| BRAIN
POSTGRESPORT | PostgreSQL端口 | 5432 |
| BRAIN
POSTGRESDB | PostgreSQL数据库 | brain_db |
| BRAIN
POSTGRESUSER | PostgreSQL用户 | brain_user |
| BRAIN
REDISHOST | Redis主机 | localhost |
| BRAIN
REDISPORT | Redis端口 | 6379 |
| BRAIN_STORAGE | 强制存储:sqlite、postgresql、auto | auto |
工作原理
服务启动时
- 1. 钩子在gateway:startup事件上触发
- 检测存储后端(SQLite/PostgreSQL)
- 加载配置的BRAINAGENTID的记忆
- 将上下文注入代理引导程序
在/new命令时
- 1. 钩子在command:new事件上触发
- 将当前会话摘要保存到记忆
- 清除会话状态以重新开始
存储优先级
- 1. PostgreSQL - 如果可用且已配置
- SQLite - 回退,零配置
加密密钥
ClawBrain支持使用Fernet(对称加密)加密敏感数据,如API密钥和凭证。
安全模型:
- - 🔐 加密密钥存储在~/.config/clawbrain/.brainkey(chmod 600)
- 🔑 只有memorytype=secret的记忆会被加密
- 📦 加密数据存储在数据库中,没有密钥无法读取
- ⚠️ 如果密钥丢失,加密数据无法恢复
设置:
bash
运行设置以生成加密密钥
clawbrain setup
备份密钥(重要!)
clawbrain backup-key --all
使用:
python
存储加密密钥
brain.remember(
agent_id=assistant,
memory_type=secret, # 记忆类型secret触发加密
content=sk-1234567890abcdef,
key=openai
apikey
)
检索并自动解密
secrets = brain.recall(agent
id=assistant, memorytype=secret)
api_key = secrets[0].content # 自动解密
密钥管理CLI:
bash
clawbrain show-key # 查看密钥信息(掩码)
clawbrain show-key --full # 查看完整密钥
clawbrain backup-key --all # 使用所有方法备份
clawbrain generate-key # 生成新密钥
⚠️ 重要:备份您的加密密钥!丢失密钥 = 丢失加密数据。
CLI命令
ClawBrain包含
