Security audit
Yaoyao Memory
Security checks across malware telemetry and agentic risk
Overview
This is mostly a real memory plugin, but it has unsafe file path handling that can read or delete files outside its memory folder and it automatically removes old skill folders.
Review before installing. Only use this plugin if you are comfortable with automatic long-term conversation memory, and avoid enabling external embedding/LLM providers unless you trust the configured endpoint. The file path and deletion issues should be fixed or mitigated before relying on the forget/get tools or running it in an environment with important local Markdown files or existing skill folders.
VirusTotal
44/44 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
