Back to plugin

Security audit

Metacognitive Memory

Security checks across malware telemetry and agentic risk

Overview

The plugin is a plausible local memory tool, but the shipped code logs conversations automatically despite opt-in claims and has real session-isolation gaps.

Only consider installing after the publisher ships a clean build where automatic capture is disabled unless allowConversationAccess is explicitly true, sensitive-data redaction is actually present in the executable code, source conflict markers are removed, and all mutating tools enforce session_id ownership. Do not use this release in sensitive workspaces.

VirusTotal

65/65 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.