Security audit
DeepLake
Security checks across malware telemetry and agentic risk
Overview
DeepLake appears to be a real shared-memory plugin, but it automatically uploads and reuses chats across a DeepLake organization, creates a long-lived token, and makes itself load after restarts.
Install only if you are comfortable with your conversations being stored in DeepLake cloud memory and potentially shared across your DeepLake organization. Before authenticating, verify the package identity, decide whether to disable autoCapture or autoRecall, understand how to delete stored memories and revoke the token, and avoid using it for secrets or confidential work unless this data flow is acceptable.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
