Back to plugin

Security audit

Brain

Security checks across malware telemetry and agentic risk

Overview

Brain is a disclosed local memory plugin that runs Python and stores cross-conversation agent memory; the main risks are expected for its purpose but users should understand the persistence and install details.

Before installing, make sure you want an agent memory system that persists conversation details across sessions and runs local Python hooks. Verify the intended Python package because the artifacts use several related names, and review or clear stored memories if sensitive information is captured.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/index.js:17
Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT], {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
hooks/yantrik-memory-startup/handler.js:14
Evidence
const result = spawnSync('python3', ['-c', `

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/index.ts:39
Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT], {