Back to plugin

Security audit

Yaoyao Memory

Security checks across malware telemetry and agentic risk

Overview

This is mostly a real memory plugin, but it has unsafe file path handling that can read or delete files outside its memory folder and it automatically removes old skill folders.

Review before installing. Only use this plugin if you are comfortable with automatic long-term conversation memory, and avoid enabling external embedding/LLM providers unless you trust the configured endpoint. The file path and deletion issues should be fixed or mitigated before relying on the forget/get tools or running it in an environment with important local Markdown files or existing skill folders.

VirusTotal

44/44 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.