Loci — Memory Palace for AI
Security checks across malware telemetry and agentic risk
Overview
This memory skill is purpose-aligned, but it auto-clones unpinned remote content and silently persists personal/task memory across conversations.
Install only if you want a persistent local memory system. Before use, review or manually clone the GitHub repository, confirm where ~/loci and ~/.loci data will be stored, and avoid saving highly sensitive personal or work information unless you are comfortable managing and deleting those files yourself.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run setup commands and create local files automatically when the skill is first encountered.
The skill directs the agent to take automatic setup actions before the user's requested task and without explicit approval.
Run this check **before doing anything else** ... If neither exists → **run Bootstrap below** ... The user doesn't need to do anything. You handle it:
Require explicit user approval before running bootstrap commands, and show the user what will be cloned and where files will be written.
A change in the remote repository could alter how the agent behaves or what memory rules it follows after installation.
The skill automatically pulls unpinned remote repository content and later treats a downloaded behavior document as guidance, even though that content was not included in the reviewed artifact set.
git clone --depth 1 https://github.com/codesstar/loci.git ~/loci ... For detailed behavior rules, read `docs/behavior.md` in the brain directory.
Pin the bootstrap to a reviewed release or commit, include the referenced behavior rules in the skill package, and declare the install requirements clearly.
Personal facts, tasks, and decisions may be stored long-term and may influence future conversations, including if outdated or incorrect information is saved.
The skill creates persistent memory that is silently updated and reused across conversations, with no clear deletion, review, or correction workflow.
**Factual** → save silently in background ... At conversation start, read L1 files before responding ... Archive, never delete
Ask before saving personal facts, provide a visible memory review/edit/delete process, and limit what is automatically loaded into future conversations.