← Back to Skills Marketplace
Elephas
by
Indigo Karasu
· GitHub ↗
· v2.3.0
· MIT-0
283
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install ocas-elephas
Description
Long-term knowledge graph (Chronicle) maintenance. Ingests structured signals from system journals, resolves entity identity, promotes confirmed facts, and g...
Usage Guidance
Elephas appears to do what it claims (ingest journals, reconcile identities, write a Chronicle DB), but there are a few things to check before installing:
- Cron and self‑update: The README says Elephas will register cron jobs (periodic ingest/consolidation and a nightly self-update from GitHub). Confirm whether the OpenClaw platform will perform these system changes on your behalf and whether you are comfortable with automated pulls from an external GitHub repo. Automatic self‑update + scheduled tasks is the biggest risk here.
- External code fetch: The SKILL.md/README reference installing from a GitHub URL. If you install, review the GitHub source first (or permit only vetted releases). An installer that downloads code is higher risk than an instruction‑only skill.
- Broad filesystem access: Elephas reads all other skill journals (~/openclaw/journals/*/). That is necessary for its consolidation role, but means it will process any sensitive data other skills emit. Make sure you trust the skill and the environment it runs in.
- Persistent writes: Elephas is the sole writer of Chronicle — it will modify ~/openclaw/db/ocas-elephas/chronicle.lbug. Back up important data before first run and consider running initial passes in observation (scan-only) mode if available.
- Mitigations to consider: restrict or review the install process; require manual approval for cron registration/self‑update; run first runs with read-only DB or in a sandbox; audit the GitHub repo for recent changes; limit filesystem permissions if your platform supports capability scoping.
If you want, I can: (a) list exact lines that declare cron/self-update and the install URL, (b) suggest safe install steps, or (c) draft a checklist to review the upstream GitHub source before allowing automatic updates.
Capability Analysis
Type: OpenClaw Skill
Name: ocas-elephas
Version: 2.3.0
The skill implements a high-risk self-update mechanism in SKILL.md (elephas.update) that downloads code from a remote GitHub repository and overwrites its own files, creating a vector for supply-chain attacks and remote code execution. It also requests broad read access to all other skill journals (~/openclaw/journals/*/) and establishes persistence via cron jobs for automated updates. While these features are functionally aligned with the stated purpose of a centralized long-term memory system, the implementation of self-modifying code and wide data access represents a significant attack surface.
Capability Assessment
Purpose & Capability
The skill's name/description (Chronicle writer/knowledge graph manager) aligns with its declared filesystem reads/writes (~/openclaw/journals/*, ~/openclaw/db/ocas-elephas) and the commands it exposes (ingest, consolidate, query, promote, merge). Access to other skills' journals and an embedded single-file DB is coherent with the stated purpose.
Instruction Scope
SKILL.md and references describe scanning all skill journals, reading intake files, writing an authoritative Chronicle DB, and creating Action Journals — all expected. However the README and headers also describe registering cron jobs (ingest/ deep/ update) and a self-update command that pulls from GitHub. Those behaviors modify system scheduling and fetch external code; they expand scope beyond pure data management and are not reflected as explicit install/runtime permissions in the registry metadata.
Install Mechanism
The registry shows no install spec, but SKILL.md header and README include an 'openclaw skill install https://github.com/indigokarasu/elephas' line and an `elephas.update` that pulls from GitHub. If an installer downloads/extracts code from GitHub and installs cron jobs, that is a higher‑risk install mechanism; the registry/manifest did not declare that install action explicitly.
Credentials
The skill requests no environment variables or external credentials, and the skill.json declares only filesystem read/write under ~/openclaw which matches its purpose. That said, it expects access to every skill's journal directory (~/openclaw/journals/*/) — necessary for its role but broad and capable of exposing other skills' outputs (potentially sensitive data).
Persistence & Privilege
always:false and default autonomous invocation are fine. But README claims the skill registers cron jobs (every 15 minutes, daily deep pass, nightly self-update). This produces persistent system‑level scheduling (runs outside explicit user invocation) and enables periodic self‑updates from GitHub — a privileged capability that increases blast radius if the source changes or is malicious. The registry did not surface this persistence behavior explicitly.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ocas-elephas - After installation, invoke the skill by name or use
/ocas-elephas - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.3.0
Version 2.3.0 (ocas-elephas)
- Added comprehensive README.md with usage and install instructions.
- Introduced references/init_pattern.md documenting the DB initialization pattern.
- Updated SKILL.md: clarified use cases, added install/source info, detailed new commands and run completion steps, described 'elephas.update' for GitHub source pulls.
- Updated config schema to reflect version 2.3.0.
- Reference documentation improved for journal and schema formats.
v2.0.0
- Added references/journal.md to document the Action Journal format and requirements.
- Updated skill README with expanded storage layout, config example, and clear auto-initialization and database rules.
- Clarified background operation, write authority, and parallel journal consumption (Elephas vs. Mentor).
- Detailed command descriptions and responsibilities, including explicit query examples and status reporting.
- Enhanced instructions on identity resolution states and candidate promotion/rejection workflow.
v1.1.0
- Initial public release of Elephas skill for long-term knowledge graph (Chronicle) maintenance.
- Enables ingestion of structured signals, candidate promotion/rejection, entity identity resolution, and inference generation.
- Provides commands for querying and maintaining Chronicle data structure.
- Establishes strict write authority: only Elephas writes to Chronicle; other skills may query, not modify.
- Details Chronicle’s memory lifecycle, consolidation process, identity resolution rules, supporting files, and validation requirements.
Metadata
Frequently Asked Questions
What is Elephas?
Long-term knowledge graph (Chronicle) maintenance. Ingests structured signals from system journals, resolves entity identity, promotes confirmed facts, and g... It is an AI Agent Skill for Claude Code / OpenClaw, with 283 downloads so far.
How do I install Elephas?
Run "/install ocas-elephas" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Elephas free?
Yes, Elephas is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Elephas support?
Elephas is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Elephas?
It is built and maintained by Indigo Karasu (@indigokarasu); the current version is v2.3.0.
More Skills