Yaoyao Memory Homo
Security checks across malware telemetry and agentic risk
Overview
This appears to be a legitimate memory system, but it stores long-term user context and describes automatic repair/sync behavior whose opt-in and disable boundaries are not fully clear.
Install only if you want a persistent memory layer. Before enabling it, check whether recording requires confirmation, inspect the memory storage paths, keep cloud sync disabled unless needed, use limited API keys, and avoid running optional installers, extension loaders, or scheduled jobs until you understand their effects.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private preferences, decisions, tasks, or sensitive conversation details may be stored and reused later if the memory controls are not configured as expected.
The skill is designed to automatically retain user conversation content across sessions. That is central to the product, but the quickstart does not clearly restate per-memory confirmation or retention limits.
Zero configuration! Runs automatically after installation. ... The AI will automatically: ... identify important information, meaning the key content you mention is remembered
Before installing, confirm whether recording requires explicit approval, where memories are stored, how to review and delete them, and whether silent or automatic recording can be turned off.
The skill may keep maintaining, modifying, or syncing memory data after the immediate task, which could surprise users if they expected only manual invocation.
The documentation describes recurring automatic tasks, including repair and sync. The artifacts do not show a clear scheduler opt-in, stop control, or confirmation boundary for these recurring actions.
Health check | every 6 hours | automatic check + repair ... IMA sync | daily | cloud backup ... NAS sync | every 4 hours | local backup
Only enable scheduled maintenance or sync after reviewing the scheduler/configuration, and ensure there is a documented way to pause, disable, and audit automatic jobs.
Configured API keys or cloud credentials could allow the skill to call external services or sync memory data.
The skill discloses optional credentials for LLM, embedding, and IMA cloud sync features. These are purpose-aligned but give the skill access to third-party services if configured.
"optional": ["LLM API Key - if LLM enhancement features are needed", "Embedding API Key - if vector search is needed", "IMA Cloud Sync credentials (~/.config/ima/) - if cloud sync is needed"]
Use scoped credentials where possible, avoid sharing high-privilege keys, and configure cloud sync only if you want memory data sent to that provider.
Loading a local native extension can execute code on the user’s machine if the extension is malicious or replaced.
The security document acknowledges local shared-object extension loading as a high-risk operation requiring confirmation. This can be legitimate for vector search, but it is code-loading behavior.
Vector extension loading - loads a local .so file
Load only trusted local extensions, verify hashes where supported, and do not run optional extension or module-loader commands unless you understand what they load.
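One way to apply the "verify hashes" advice above, as an added example that is not the skill's own code: before any loader touches a local .so file, refuse symlinks, non-regular and world-writable files, and anything whose SHA-256 digest does not match a pinned allowlist. The allowlist format (absolute path to hex digest), the file name vec0.so and the loader it gates are assumptions; the bytes written in demo() are a constructed stand-in, not a real extension.

```python
"""Added example (not the skill's code): gate a local .so extension on a
pinned SHA-256 digest and basic file hygiene before anything loads it.
The allowlist format and the downstream loader call are assumptions."""
import hashlib
import hmac
import tempfile
from pathlib import Path


class UntrustedExtension(Exception):
    """Raised when an extension fails a check; the caller must not load it."""


def sha256_file(path):
    """Stream the file so a large shared object need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_extension(path, pinned):
    """Return the resolved path if it is a regular, non-world-writable file
    whose digest matches the pinned allowlist entry; raise otherwise.

    `pinned` maps absolute extension paths to expected SHA-256 hex digests
    (hypothetical format; populate it from a source you trust, never from
    the directory the extension lives in).
    """
    raw = Path(path)
    if raw.is_symlink():
        # A symlink lets an attacker redirect the load to a different file.
        raise UntrustedExtension(f"refusing symlink: {raw}")
    p = raw.resolve()
    if not p.is_file():
        raise UntrustedExtension(f"not a regular file: {p}")
    if p.stat().st_mode & 0o002:
        # Another local user could swap the file between check and load.
        raise UntrustedExtension(f"world-writable, could be swapped: {p}")
    expected = pinned.get(str(p))
    if expected is None:
        raise UntrustedExtension(f"not in allowlist: {p}")
    actual = sha256_file(p)
    if not hmac.compare_digest(actual, expected):
        raise UntrustedExtension(f"digest mismatch for {p}")
    return p


def extension_is_trusted(path, pinned):
    """Boolean wrapper around check_extension for quick audits."""
    try:
        check_extension(path, pinned)
        return True
    except UntrustedExtension:
        return False


def demo():
    """Constructed scenario: a pinned file passes, then fails after tampering
    and when it is absent from the allowlist."""
    with tempfile.TemporaryDirectory() as d:
        ext = Path(d) / "vec0.so"  # constructed stand-in, not a real extension
        ext.write_bytes(b"\x7fELF-stand-in-bytes")
        ext.chmod(0o644)
        pinned = {str(ext.resolve()): sha256_file(ext)}
        trusted = extension_is_trusted(ext, pinned)
        ext.write_bytes(b"\x7fELF-tampered")  # simulate a replaced file
        tampered = extension_is_trusted(ext, pinned)
        unpinned = extension_is_trusted(ext, {})
        return {"trusted": trusted, "tampered": tampered, "unpinned": unpinned}


if __name__ == "__main__":
    print(demo())
```

Only the path returned by check_extension should reach the loader (for example sqlite3's load_extension or ctypes.CDLL), and the pinned digest must come from somewhere the extension directory cannot influence, otherwise a replaced .so simply ships with a matching replaced digest.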
If the API server is exposed beyond localhost or lacks proper authentication, other local or network clients could query memory status or trigger supported operations.
The skill can expose a local API server for dashboard/Hermes integration. This is purpose-aligned, but it introduces an inter-process/API boundary that should be protected.
Start the API Server with Hermes: python3 scripts/api_server.py --port 8765
Run the API server only on localhost, use authentication if available, and avoid exposing the port to untrusted networks.
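What "localhost only, with authentication" looks like in practice, as an added example that is not the skill's scripts/api_server.py: a minimal status endpoint that refuses to bind anything but the loopback address and rejects requests lacking a bearer token. The /status route, the MEMORY_API_TOKEN environment variable and the ephemeral port used by demo() are assumptions; the page only documents --port 8765.

```python
"""Added example (not the skill's api_server.py): loopback-only bind plus
bearer-token check for a local status endpoint. Route and token source
are assumptions."""
import hmac
import http.server
import json
import os
import secrets
import threading
import urllib.error
import urllib.request

LOOPBACK_HOSTS = ("127.0.0.1", "localhost")


def is_loopback(host):
    """Config audit helper: True only for loopback binds."""
    return host in LOOPBACK_HOSTS


def make_handler(token):
    expected = ("Bearer " + token).encode()

    class Handler(http.server.BaseHTTPRequestHandler):
        def log_message(self, *args):  # keep the demo quiet
            pass

        def do_GET(self):
            auth = self.headers.get("Authorization", "").encode()
            # Constant-time compare; wrong length still returns False.
            if not hmac.compare_digest(auth, expected):
                self.send_response(401)
                self.send_header("WWW-Authenticate", 'Bearer realm="memory"')
                self.end_headers()
                return
            body = json.dumps({"status": "ok"}).encode()
            self.send_response(200)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    return Handler


def start_server(host="127.0.0.1", port=0, token=None):
    """Bind only to loopback; token comes from the caller, the environment,
    or is freshly generated (hypothetical MEMORY_API_TOKEN variable)."""
    if not is_loopback(host):
        raise ValueError(f"refusing to bind non-loopback address {host}")
    token = token or os.environ.get("MEMORY_API_TOKEN") or secrets.token_urlsafe(32)
    srv = http.server.HTTPServer((host, port), make_handler(token))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, token


def probe(port, token=None):
    """Return the HTTP status the endpoint gives for the supplied token."""
    req = urllib.request.Request(f"http://127.0.0.1:{port}/status")
    if token is not None:
        req.add_header("Authorization", "Bearer " + token)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


def demo():
    """Start on an ephemeral loopback port and show the three outcomes."""
    srv, token = start_server()
    try:
        port = srv.server_address[1]
        return {
            "no_token": probe(port),
            "wrong_token": probe(port, "not-the-token"),
            "good_token": probe(port, token),
        }
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(demo())
```

The bind check is the part worth copying into a config review: any listener configured as 0.0.0.0 or an interface address exposes memory status to the whole network segment, and a token check without a loopback bind still leaves the service reachable for brute forcing.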
