Loci — Memory Palace for AI
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its memory purpose, but it asks the agent to auto-clone unpinned remote files and silently keep persistent personal memory, so it should be reviewed before use.
Only install this if you are comfortable with a persistent local memory folder and automatic setup. Prefer reviewing the GitHub repository first, pinning or approving the downloaded version, and making sure you know where the memory files are stored and how to edit or delete them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Changes to the remote repository could alter the agent's memory behavior or instructions without the user seeing those changes during installation review.
The agent is told to fetch the default branch of a remote repository at runtime and then treat a file from that repository as behavior rules, but those fetched instructions are not included or pinned in the reviewed artifact.
git clone --depth 1 https://github.com/codesstar/loci.git ~/loci ... For detailed behavior rules, read `docs/behavior.md` in the brain directory.
Pin the repository to a specific commit, include reviewed behavior files in the package, and require explicit user approval before fetching or trusting remote instructions.
The agent may modify the user's local filesystem and download remote content without a clear install-time approval step.
The skill is listed as instruction-only with no install spec, but its runtime instructions tell the agent to run shell commands, perform a network clone, and write local configuration automatically.
Run this check **before doing anything else** ... Bootstrap (auto-install for new users) ... The user doesn't need to do anything. You handle it: ... git clone ... mkdir -p ~/.loci ... echo "$HOME/loci" > ~/.loci/brain-path
Move setup into a declared, reviewable install mechanism or ask for explicit confirmation before running any shell commands or writing local files.
Personal facts, tasks, goals, and decisions can persist and influence future responses without the user being prompted each time or given clear deletion controls.
The skill creates persistent cross-conversation memory, automatically reuses it in future conversations, and tells the agent to silently save factual information while retaining archived data indefinitely.
At conversation start, read L1 files before responding ... **Factual** → save silently in background ... Archive, never delete
Provide visible controls to review, approve, edit, delete, export, or disable stored memory, and avoid silent saving unless the user has explicitly opted in.
