Security audit
Marq Memory
Security checks across malware telemetry and agentic risk
Overview
The plugin's code, docs, and runtime instructions are consistent with its stated purpose: a local, markdown-first memory system that reads markdown under a configured workspace and appends to daily notes.
This plugin is coherent and implements exactly what it claims: local markdown search and append-only daily notes. Before enabling, point workspaceRoot to a specific folder containing only the markdown you want the agent to index (do not point it at your entire home directory). Review the repo if you prefer (tests are included) and run npm test in a safe environment. Note that the plugin will create and append to memory/YYYY-MM-DD.md under the configured workspace, so back up or .gitignore files as needed. Autonomous invocation is allowed by default on the platform—if you want to limit automatic use, keep autoRecall disabled and control when tools are called.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
