Security audit
Honcho Memory
Security checks across malware telemetry and agentic risk
Overview
This appears to be a real Honcho memory plugin, but it should be reviewed carefully because it sends and reuses conversation memory broadly and ships agent instructions that allow high-impact autonomous actions.
Install only if you are comfortable with conversation history and selected legacy memory files being sent to Honcho and reused across future sessions. Disable cross-session search if you need tighter scope, avoid copying the AGENTS.md/BOOTSTRAP.md templates without editing out autonomous delete/commit/push instructions, and prefer environment-variable or secured secret storage for the Honcho API key.
VirusTotal
62/62 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
