Published: 2026-04-02

Build Your Own Claude Code AI Second Brain: Architecture, SOUL.md & Security

Cole Medin explains why building a custom Claude Code "second brain" beats running OpenClaw off-the-shelf — and walks through the exact architecture he built, including Obsidian integration, SOUL.md memory inspired by OpenClaw's source code, and a GitHub starter template. Central to the whole thing is a security framing called the lethal trifecta: the three risks every personal AI agent faces, and why controlling your own code is the only real way to limit them.

Source video

"Full Guide - Build Your Own AI Second Brain with Claude Code" by Cole Medin (YouTube)

The Lethal Trifecta: Why Agent Security Is Hard

Every useful personal AI agent faces three compounding risks simultaneously:

  1. Private data access — email, calendar, files. Any useful second brain has this.
  2. Untrusted content — incoming emails or web pages that could contain malicious prompt-injection instructions.
  3. Exfiltration vector — the agent can send messages or call external APIs, meaning captured data can leave.

When all three apply at once, the agent is maximally vulnerable to prompt injection. Agents like OpenClaw expose you to all three by default, in a large codebase you can't fully audit. Cole's argument: if you build your own, you define which integrations exist and set explicit permission boundaries — limiting each pillar of the trifecta intentionally.

Step-by-Step Breakdown

  1. Study OpenClaw's open-source patterns (don't run it blindly)

    OpenClaw is a well-crafted, open-source agent. Point Claude Code at the OpenClaw GitHub repo and have it study how soul.md (agent personality and rules) and user.md (user profile and goals) are implemented, plus how the heartbeat handles proactive tasks. Then replicate only what you need — you inherit the architecture without inheriting all the permissions.

  2. Core: Claude Code + custom skills

    The second brain's engine is Claude Code with skills stored in .claude/skills/ as markdown files. Each skill defines a reusable workflow that Claude Code runs on demand. Add only the capabilities you actually need — the simplest composable patterns work best.

  3. Memory layer: Obsidian vault

    All memory accumulates in an Obsidian vault. The agent writes daily logs, project notes, email summaries, and decisions to Obsidian files that form a knowledge graph over time. Claude Code can reference the vault in future sessions to recall past context and preferences. The vault expands every session — the longer you use it, the more in-tune the agent becomes.

  4. Implement SOUL.md and user.md

    Adapted from OpenClaw's patterns: soul.md defines the agent's personality, behavior rules, and constraints and is loaded on every session. user.md stores your goals, working style, and context, updated by the agent over time. Keep both concise — they load into every context window.

  5. Use the GitHub starter template and PRD skill

    Cole provides a GitHub starter template with a Claude Code skill that guides you through creating a PRD (product requirements document) for your second brain. Run the skill to generate a scoped build plan, then implement in phases. The PRD approach prevents scope creep and defines permissions before you write any code.

Config Patterns (from the video)

soul.md — Agent rules and personality

Place in your project root or .claude/ directory. Keep it concise — it loads into every context window.

# SOUL.md — Agent Identity and Rules
## Role
You are my personal AI second brain, built on Claude Code.
Your purpose is to help me work faster, stay organized,
and compound knowledge over time.

## Core Behaviors
- Always read user.md before responding to understand current context
- After completing any task, update user.md with relevant new information
- Log completed work to the Obsidian vault daily log
- Ask for clarification before taking any irreversible action
- Never access external URLs not explicitly listed in permissions

## Permitted Integrations
[List only the integrations you've explicitly enabled]

## Forbidden Actions
- Do not send emails without explicit approval
- Do not delete files without explicit confirmation

Template adapted from patterns shown in video. Adapt every section to your own project — don't copy blindly. See also OpenClaw SOUL.md guide for the full original format.

user.md — Your profile and goals

# user.md — My Context
## Who I am
[Your name, role, what kind of work you do]

## Current projects
[Active projects and their goals]

## Daily priorities
[What matters most right now]

## Communication style
[How you like information formatted and delivered]

## Agent history
[Updated by the agent after each session — key decisions, preferences learned]

The agent reads and updates this file. Start with the basics and let it accumulate detail over time.

Errors & Security Gotchas

Risk: The lethal trifecta — all three always apply

Why it happens: Any second brain useful enough to help you necessarily has private data access, receives some untrusted content, and can send outbound messages. You can't eliminate the trifecta — you can only limit each pillar.

Fix: Build with explicit permissions. List permitted integrations in soul.md. Block specific dangerous actions (email sends without approval, file deletes without confirmation). Use our security overview and OpenClaw's security hardening as a reference even if you're not running OpenClaw.
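
Added example (not from the video or Cole's starter template): a gate that sits outside the model, reads the Permitted Integrations list from soul.md, and applies the lethal trifecta described earlier at call time, since rules written in soul.md are only instructions the model reads. The tool names and their pillar mapping are assumptions made for illustration.

```python
# Tool names and the pillar mapping are hypothetical, not from the video.
PRIVATE, UNTRUSTED, EXFIL = "private_data", "untrusted_content", "exfiltration"
PILLARS = {
    "read_email": {PRIVATE, UNTRUSTED},  # an inbox is private and attacker-writable
    "read_vault": {PRIVATE},
    "fetch_url": {UNTRUSTED, EXFIL},     # a request URL can carry data out
    "send_email": {EXFIL},
}

SOUL_MD = """\
## Permitted Integrations
- read_vault
- read_email
- send_email

## Forbidden Actions
- Do not send emails without explicit approval
"""  # constructed sample in the page's soul.md layout

def permitted(md):
    """Bullet items under the '## Permitted Integrations' heading."""
    items, inside = set(), False
    for line in md.splitlines():
        if line.startswith("## "):
            inside = line[3:].strip().lower() == "permitted integrations"
        elif inside and line.strip().startswith("- "):
            items.add(line.strip()[2:].strip())
    return items

class Gate:
    def __init__(self, md):
        self.allowed = permitted(md)
        self.seen = set()  # pillars this session has already touched

    def trifecta_possible(self):
        """True if the permitted set alone can reach all three pillars."""
        reach = set().union(*(PILLARS.get(t, set()) for t in self.allowed))
        return {PRIVATE, UNTRUSTED, EXFIL} <= reach

    def request(self, tool, approved=False):
        """Return 'deny', 'needs_approval' or 'allow' for one tool call."""
        if tool not in self.allowed or tool not in PILLARS:
            return "deny"  # default-deny anything not listed and classified
        tainted = {PRIVATE, UNTRUSTED} <= self.seen
        if EXFIL in PILLARS[tool] and tainted and not approved:
            return "needs_approval"  # outbound call after private + untrusted input
        self.seen |= PILLARS[tool]
        return "allow"
```

Sending mail is allowed before the session has read any untrusted content, but once the inbox has been read the same call returns needs_approval until a human approves it.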

Risk: Runaway scope — the agent does too much

Why it happens: Off-the-shelf agents like OpenClaw enable a huge surface area of capabilities. A custom build risks the same if you add integrations opportunistically.

Fix: Write the PRD first. Define what integrations you need before building them. Add capabilities in phases — don't enable everything at once.

Key Takeaways

  • The "lethal trifecta" (private data + untrusted input + exfiltration vector) always applies to personal AI agents — design against each pillar explicitly.
  • OpenClaw's soul.md / user.md memory architecture is open-source and worth studying, even if you don't run OpenClaw itself.
  • A Claude Code second brain built on custom skills + an Obsidian vault compounds in value the more you use it — each session expands the knowledge graph.
  • Use a PRD to scope what you're building before you build it. Define permissions up front.
  • Keep soul.md and user.md concise — they load into every context window and cost tokens every session.
