Back to plugin

Security audit

Yantrik Memory

Security checks across malware telemetry and agentic risk

Overview

Visible artifacts describe a legitimate local memory plugin, but installing it means the agent can run local Python, save conversation-derived memories, and use them automatically in future sessions.

Install only if you want persistent agent memory. Expect local Python execution, a local YantrikDB database, an encryption key file, and startup hooks that refresh/save memory automatically. Avoid storing secrets unless you have verified encryption and deletion controls work for your setup.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/index.js:17
Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT], {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
hooks/yantrik-memory-startup/handler.js:14
Evidence
const result = spawnSync('python3', ['-c', `

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/index.ts:39
Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT], {