Jasper Recall is a real local memory tool, but it needs Review because it can automatically surface private stored memories and some query paths invoke shell commands unsafely.
Install only after reviewing the privacy tradeoffs. Keep autoRecall off unless you explicitly want stored memories inserted into prompts, set publicOnly true for sandboxed or lower-trust agents, avoid exposing the recall server beyond localhost, and do not enable private HTTP queries on shared hosts. Treat the ChromaDB database, legacy collection, session digests, and shared learnings as sensitive local data.