Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- index.ts:16
- Evidence
const MEMGRAPH_URL = process.env.MEMGRAPH_URL || "http://localhost:18821";
Security audit
Security checks across malware telemetry and agentic risk
This skill is a real long-term memory tool, but it automatically saves chat history indefinitely and exposes memory through a network server that appears unauthenticated.
Only install this if you want persistent cross-session memory. Run the server on localhost only, protect it with a firewall/auth token, avoid sensitive chats unless you have deletion/retention controls, and verify which OpenAI-compatible provider receives memory-extraction data.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.env_credential_access
const MEMGRAPH_URL = process.env.MEMGRAPH_URL || "http://localhost:18821";