Security audit
Penfield
Security checks across malware telemetry and agentic risk
Overview
The provided artifacts show a disclosed Penfield memory plugin with expected OAuth, remote memory storage, and automatic context injection; review the privacy and control implications, but no hidden malicious behavior is evidenced.
Install this only if you want Penfield to provide long-term memory for your agent. After login, the plugin can read and write Penfield memories and may inject stored identity/recent context into every turn by default. Consider disabling autoAwaken, autoOrient, or memoryFlush for confidential work, and periodically review or delete stored memories and artifacts.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
