Back to plugin

Security audit

solana-deploy-memory-hook

Security checks across malware telemetry and agentic risk

Overview

The code, SKILL.md, and hook metadata are internally consistent: the package only reads/writes workspace memory markdown files and injects a generated MEMORY.md into the agent bootstrap context.

This hook appears to do what it says: it will create/ensure memory/*.md files and write a workspace-level MEMORY.md, then add that file to the agent bootstrap context. Before installing, confirm that (1) the workspace.dir referenced is the intended workspace, (2) the memory files do not contain any secrets you don't want visible to the agent (anything added to MEMORY.md becomes part of bootstrap context), and (3) you trust the plugin source. If you want extra assurance, inspect handler.ts locally (it is short and readable) before enabling the hook. Otherwise it is low-risk and scoped to the workspace files only.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.