Back to plugin

Security audit

memgraph

Security checks across malware telemetry and agentic risk

Overview

This skill is a real long-term memory tool, but it automatically saves chat history indefinitely and exposes memory through a network server that appears unauthenticated.

Only install this if you want persistent cross-session memory. Run the server on localhost only, protect it with a firewall/auth token, avoid sensitive chats unless you have deletion/retention controls, and verify which OpenAI-compatible provider receives memory-extraction data.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
index.ts:16
Evidence
const MEMGRAPH_URL = process.env.MEMGRAPH_URL || "http://localhost:18821";