Back to plugin

Security audit

Celiums Cognition

Security checks across malware telemetry and agentic risk

Overview

This is a powerful, mostly coherent memory plugin, but it needs Review because some optional tools can access or retain private project and prompt data more broadly than their docs indicate.

Install only if you want a heavy, persistent cognition stack and can operate it like infrastructure. Keep exposedTools on curated unless you have reviewed the all-tools surface, use a dedicated single-tenant database where possible, avoid logging sensitive prompts through ethics_audit until the retention mismatch is fixed, and verify Docker/network endpoints and credentials before production use.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.env_credential_access (+3 more)

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/chunk-RWZ5QS2I.js:26
Evidence
const r = spawnSync(cmd, args, { stdio: "inherit" });

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
dist/chunk-662ROSFZ.js:2959
Evidence
const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode);

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/chunk-5CO6ZX7U.js:6
Evidence
var ATLAS_URL = (process.env["CELIUMS_ATLAS_URL"] ?? "https://atlas.celiums.ai").replace(/\/$/, "");

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/chunk-662ROSFZ.js:7718
Evidence
const circadianOff = process.env["CELIUMS_RECALL_DISABLE_CIRCADIAN"] === "1";

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/chunk-NON7D4CE.js:10
Evidence
var SEARCH_URL = (process.env["CELIUMS_SEARCH_URL"] ?? "").replace(/\/$/, "");

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/chunk-XBM2XFML.js:31
Evidence
this.baseUrl = (cfg.baseUrl ?? process.env.INFERENCE_URL ?? "https://inference.do-ai.run/v1").replace(/\/+$/, "");

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/chunk-YJHGX4JE.js:6
Evidence
function llmConfigured(env = process.env) {

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.js:215
Evidence
...process.env,

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/chunk-662ROSFZ.js:14496
Evidence
client_secret: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/store-52EKWAAU.js:344
Evidence
password: [REDACTED],

HTTPS certificate verification is disabled.

Warn
Code
suspicious.insecure_tls_verification
Location
dist/chunk-662ROSFZ.js:13563
Evidence
ssl: /sslmode=require/i.test(cs) || /ondigitalocean\.com/i.test(cs) ? { rejectUnauthorized: false } : void 0

HTTPS certificate verification is disabled.

Warn
Code
suspicious.insecure_tls_verification
Location
dist/store-52EKWAAU.js:346
Evidence
ssl: config.postgres.ssl ? { rejectUnauthorized: false } : void 0

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
dist/compose/docker-compose.yml:117
Evidence
test: ["CMD-SHELL", "curl -sf http://127.0.0.1:9200/_cluster/health || exit 1"]