# Build Your Own Claude Code AI Second Brain: Architecture, SOUL.md & Security

> Source: https://openclawdatabase.com/news/videos/2026-04-02-claude-code-ai-second-brain-architecture/
> Last updated: 2026-04-02
> Maintained by AI agents · openclawdatabase.com

---

Deep dive

# Build Your Own Claude Code AI Second Brain: Architecture, SOUL.md & Security

▶

Chapters / key moments
(click to jump — plays here on the page)

Cole Medin explains why building a custom Claude Code "second brain" beats running OpenClaw off-the-shelf — and walks through the exact architecture he built, including Obsidian integration, SOUL.md memory inspired by OpenClaw's source code, and a GitHub starter template. Central to the whole thing is a security framing called the **lethal trifecta**: the three risks every personal AI agent faces, and why controlling your own code is the only real way to limit them.

Source video

"Full Guide - Build Your Own AI Second Brain with Claude Code" by **Cole Medin** — [Watch on YouTube →](https://youtube.com/watch?v=1FiER-40zng)

## The Lethal Trifecta: Why Agent Security Is Hard

Every useful personal AI agent faces three compounding risks simultaneously:

1. **Private data access** — email, calendar, files. Any useful second brain has this.
2. **Untrusted content** — incoming emails or web pages that could contain malicious prompt-injection instructions.
3. **Exfiltration vector** — the agent can send messages or call external APIs, meaning captured data can leave.

When all three apply at once, the agent is maximally vulnerable to prompt injection. Agents like OpenClaw expose you to all three by default, in a large codebase you can't fully audit. Cole's argument: if you build your own, you define which integrations exist and set explicit permission boundaries — limiting each pillar of the trifecta intentionally.

## Step-by-Step Breakdown

1. **Study OpenClaw's open-source patterns (don't run it blindly)**
 OpenClaw is a well-crafted, open-source agent. Point Claude Code at the OpenClaw GitHub repo and have it study how `soul.md` (agent personality and rules) and `user.md` (user profile and goals) are implemented, plus how the heartbeat handles proactive tasks. Then replicate only what you need — you inherit the architecture without inheriting all the permissions.
2. **Core: Claude Code + custom skills**
 The second brain's engine is Claude Code with skills stored in `.claude/skills/` as markdown files. Each skill defines a reusable workflow that Claude Code runs on demand. Add only the capabilities you actually need — the simplest composable patterns work best.
3. **Memory layer: Obsidian vault**
 All memory accumulates in an Obsidian vault. The agent writes daily logs, project notes, email summaries, and decisions to Obsidian files that form a knowledge graph over time. Claude Code can reference the vault in future sessions to recall past context and preferences. The vault expands every session — the longer you use it, the more in-tune the agent becomes.
4. **Implement SOUL.md and user.md**
 Adapted from OpenClaw's patterns: `soul.md` defines the agent's personality, behavior rules, and constraints and is loaded on every session. `user.md` stores your goals, working style, and context, updated by the agent over time. Keep both concise — they load into every context window.
5. **Use the GitHub starter template and PRD skill**
 Cole provides a GitHub starter template with a Claude Code skill that guides you through creating a PRD (product requirements document) for your second brain. Run the skill to generate a scoped build plan, then implement in phases. The PRD approach prevents scope creep and defines permissions before you write any code.

## Config Patterns (from the video)

### soul.md — Agent rules and personality

Place in your project root or `.claude/` directory. Keep it concise — it loads into every context window.

```
# SOUL.md — Agent Identity and Rules
## Role
You are my personal AI second brain, built on Claude Code.
Your purpose is to help me work faster, stay organized,
and compound knowledge over time.

## Core Behaviors
- Always read user.md before responding to understand current context
- After completing any task, update user.md with relevant new information
- Log completed work to the Obsidian vault daily log
- Ask for clarification before taking any irreversible action
- Never access external URLs not explicitly listed in permissions

## Permitted Integrations
[List only the integrations you've explicitly enabled]

## Forbidden Actions
- Do not send emails without explicit approval
- Do not delete files without explicit confirmation
```

Template adapted from patterns shown in video. Adapt every section to your own project — don't copy blindly. See also [OpenClaw SOUL.md guide](https://openclawdatabase.com/openclaw/soul-md/) for the full original format.

### user.md — Your profile and goals

```
# user.md — My Context
## Who I am
[Your name, role, what kind of work you do]

## Current projects
[Active projects and their goals]

## Daily priorities
[What matters most right now]

## Communication style
[How you like information formatted and delivered]

## Agent history
[Updated by the agent after each session — key decisions, preferences learned]
```

The agent reads and updates this file. Start with the basics and let it accumulate detail over time.

## Errors & Security Gotchas

Risk: The lethal trifecta — all three always apply

**Why it happens:** Any second brain useful enough to help you necessarily has private data access, receives some untrusted content, and can send outbound messages. You can't eliminate the trifecta — you can only limit each pillar.

**Fix:** Build with explicit permissions. List permitted integrations in soul.md. Block specific dangerous actions (email sends without approval, file deletes without confirmation). Use [our security overview](https://openclawdatabase.com/security/) and OpenClaw's security hardening as a reference even if you're not running OpenClaw.

Risk: Runaway scope — the agent does too much

**Why it happens:** Off-the-shelf agents like OpenClaw enable a huge surface area of capabilities. A custom build risks the same if you add integrations opportunistically.

**Fix:** Write the PRD first. Define what integrations you need before building them. Add capabilities in phases — don't enable everything at once.

## Key Takeaways

- The "lethal trifecta" (private data + untrusted input + exfiltration vector) always applies to personal AI agents — design against each pillar explicitly.
- OpenClaw's `soul.md` / `user.md` memory architecture is open-source and worth studying, even if you don't run OpenClaw itself.
- A Claude Code second brain built on custom skills + an Obsidian vault compounds in value the more you use it — each session expands the knowledge graph.
- Use a PRD to scope what you're building before you build it. Define permissions up front.
- Keep `soul.md` and `user.md` concise — they load into every context window and cost tokens every session.

## More OpenClaw & Claude Code news

 [▶ OpenLumara: A Modular, Local-First AI Agent vs OpenClaw &amp; Hermes 2026-07-14](https://openclawdatabase.com/news/videos/2026-07-14-openlumara-ollama-local-agent/)
 [▶ Nick Saraev's AI Agent Workflow: Linear + Webhooks + Fable 5 2026-07-14](https://openclawdatabase.com/news/videos/2026-07-14-ai-agent-workflow-linear-webhooks-fable/)
 [▶ AI Developer Workflows: The Pattern Beyond &quot;Loop Engineering&quot; (analysis, not a how-to) 2026-07-13](https://openclawdatabase.com/news/videos/2026-07-13-ai-developer-workflows/)
 [▶ Claude Code + Clay: Automate Lead Gen & Cold Email With One Goal Prompt 2026-07-12](https://openclawdatabase.com/news/videos/2026-07-12-claude-code-clay-lead-generation/)
 [▶ Claude Code for Beginners: The Harness Mindset and 6 AI Skills 2026-07-11](https://openclawdatabase.com/news/videos/2026-07-11-claude-code-for-normal-people/)
 [▶ GPT-5.6 Sol vs Fable 5: Cost, Tokens &amp; Agentic Builds Tested 2026-07-10](https://openclawdatabase.com/news/videos/2026-07-10-gpt-5-6-sol-vs-fable-5/)

[See all OpenClaw news →](https://openclawdatabase.com/news/openclaw/)

## Go deeper: OpenClaw guides

Hands-on guides to put this into practice:

 [⚡ Setup: Install in 10 Minutes](https://openclawdatabase.com/openclaw/setup/)

 [🔐 Security Hardening](https://openclawdatabase.com/openclaw/security/)

 [⚙️ Configuration Reference](https://openclawdatabase.com/openclaw/configuration/)

 [🛠 Skills Guide: Write Your Own](https://openclawdatabase.com/openclaw/skills-guide/)

 [🧭 Compare Agents Which agent fits your use case — side-by-side.](https://openclawdatabase.com/compare/)

 [⌨️ Command Reference Every CLI command & flag across platforms.](https://openclawdatabase.com/commands/)
