Elephas

Elephas appears to do what it claims (ingest journals, reconcile identities, write a Chronicle DB), but there are a few things to check before installing: - Cron and self‑update: The README says Elephas will register cron jobs (periodic ingest/consolidation and a nightly self-update from GitHub). Confirm whether the OpenClaw platform will perform these system changes on your behalf and whether you are comfortable with automated pulls from an external GitHub repo. Automatic self‑update + scheduled tasks is the biggest risk here. - External code fetch: The SKILL.md/README reference installing from a GitHub URL. If you install, review the GitHub source first (or permit only vetted releases). An installer that downloads code is higher risk than an instruction‑only skill. - Broad filesystem access: Elephas reads all other skill journals (~/openclaw/journals/*/). That is necessary for its consolidation role, but means it will process any sensitive data other skills emit. Make sure you trust the skill and the environment it runs in. - Persistent writes: Elephas is the sole writer of Chronicle — it will modify ~/openclaw/db/ocas-elephas/chronicle.lbug. Back up important data before first run and consider running initial passes in observation (scan-only) mode if available. - Mitigations to consider: restrict or review the install process; require manual approval for cron registration/self‑update; run first runs with read-only DB or in a sandbox; audit the GitHub repo for recent changes; limit filesystem permissions if your platform supports capability scoping. If you want, I can: (a) list exact lines that declare cron/self-update and the install URL, (b) suggest safe install steps, or (c) draft a checklist to review the upstream GitHub source before allowing automatic updates.