Security audit
Metacognitive Memory
Security checks across malware telemetry and agentic risk
Overview
The plugin is a plausible local memory tool, but the shipped code logs conversations automatically despite opt-in claims and has real session-isolation gaps.
Only consider installing after the publisher ships a clean build where automatic capture is disabled unless allowConversationAccess is explicitly true, sensitive-data redaction is actually present in the executable code, source conflict markers are removed, and all mutating tools enforce session_id ownership. Do not use this release in sensitive workspaces.
VirusTotal
65/65 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
