Back to plugin

Security audit

Penfield

Security checks across malware telemetry and agentic risk

Overview

The provided artifacts show a disclosed Penfield memory plugin with expected OAuth, remote memory storage, and automatic context injection; review the privacy and control implications, but no hidden malicious behavior is evidenced.

Install this only if you want Penfield to provide long-term memory for your agent. After login, the plugin can read and write Penfield memories and may inject stored identity/recent context into every turn by default. Consider disabling autoAwaken, autoOrient, or memoryFlush for confidential work, and periodically review or delete stored memories and artifacts.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.