Back to plugin

Security audit

Smart Context Engine

Security checks across malware telemetry and agentic risk

Overview

This looks like a real local context-memory plugin, but it automatically persists and reuses conversation/workspace context and runs Python shell code with hard-coded, under-declared setup.

Install only if you intentionally want an always-on local memory/context plugin. Before using it, review or change the hard-coded database paths, confirm the Python embedding code you are willing to run, and make sure you are comfortable with conversation and workspace details being stored and reused in later agent context.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/engine.js:414
Evidence
result = execSync(`${PYTHON} ${tmpFile}`, {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/engine.ts:515
Evidence
result = execSync(`${PYTHON} ${tmpFile}`, {