Security audit
Formative Memory
Security checks across malware telemetry and agentic risk
Overview
This appears to be a real memory plugin whose local database, recall tools, embeddings, and consolidation behavior match its stated purpose, though it can store conversation-derived memories and send memory text to configured AI providers.
This looks internally consistent for a memory plugin. Before installing, decide whether you are comfortable with it storing memories locally and, depending on configuration, sending stored memory text, recall queries, or recent conversation text to your configured embedding/LLM provider. Review settings such as autoCapture, autoRecall, requireEmbedding, dbPath, and logQueries if privacy matters. No obvious unrelated credential requests or suspicious external installer behavior were shown, but confidence is medium because the large bundled JavaScript files were only partially visible in the provided artifact.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
