Security audit
solana-deploy-memory-hook
Security checks across malware telemetry and agentic risk
Overview
The code, SKILL.md, and hook metadata are internally consistent: the package only reads/writes workspace memory markdown files and injects a generated MEMORY.md into the agent bootstrap context.
This hook appears to do what it says: it will create/ensure memory/*.md files and write a workspace-level MEMORY.md, then add that file to the agent bootstrap context. Before installing, confirm that (1) the workspace.dir referenced is the intended workspace, (2) the memory files do not contain any secrets you don't want visible to the agent (anything added to MEMORY.md becomes part of bootstrap context), and (3) you trust the plugin source. If you want extra assurance, inspect handler.ts locally (it is short and readable) before enabling the hook. Otherwise it is low-risk and scoped to the workspace files only.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
