Elite Longterm Memory

OpenClaw analysis

The skill's requirements and instructions are consistent with a scaffolding/documentation-first memory system: it creates local memory files, recommends vector/third-party services, and asks only for an OpenAI key; nothing in the package appears disproportionate or covert.

Confidence: high

VirusTotal

Type: OpenClaw Skill Name: elite-longterm-memory Version: 1.2.3 The skill bundle provides a multi-layered memory system for AI agents. While the `bin/elite-memory.js` script performs benign local file system operations, the `SKILL.md` contains instructions for the AI agent that involve executing external Python scripts (`python3 skills/git-notes-memory/memory.py`), installing npm packages (`npm install mem0ai`), and running external binaries (`supermemory`). These actions introduce supply chain risks and potential shell injection vulnerabilities if the external scripts or their arguments are not properly secured. Additionally, the `SKILL.md` instructs the agent to perform certain actions 'SILENTLY', which is a prompt injection technique, though in this context it appears intended for managing agent verbosity rather than hiding malicious activity. The `rm -rf` command is also present for a 'nuclear option' memory clear. These capabilities, while potentially useful for the stated purpose, carry significant risks without clear evidence of intentional malice.