Back to plugin

Security audit

Formative Memory

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real memory plugin whose local database, recall tools, embeddings, and consolidation behavior match its stated purpose, though it can store conversation-derived memories and send memory text to configured AI providers.

This looks internally consistent for a memory plugin. Before installing, decide whether you are comfortable with it storing memories locally and, depending on configuration, sending stored memory text, recall queries, or recent conversation text to your configured embedding/LLM provider. Review settings such as autoCapture, autoRecall, requireEmbedding, dbPath, and logQueries if privacy matters. No obvious unrelated credential requests or suspicious external installer behavior were shown, but confidence is medium because the large bundled JavaScript files were only partially visible in the provided artifact.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.