Back to plugin

Security audit

Spark Memory

Security checks across malware telemetry and agentic risk

Overview

This appears to be a cloud-backed memory plugin that largely does what it claims, but installing it means conversation-derived information may be sent to Zellin’s service.

This plugin is coherent with its description: it is designed to remember information across sessions using Zellin’s cloud API. The main thing to consider is privacy, not mismatch: auto-capture is enabled by default, memories are org-scoped, and conversation-derived facts or summaries may be uploaded to https://zellin.ai/api unless you change the API URL. Review whether you are comfortable sending that information to this service, and consider disabling autoCapture if you only want manual memory storage. Confidence is medium because the provided index.ts content was truncated, so the full runtime behavior could not be completely reviewed.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.potential_exfiltration

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
index.ts:703
Evidence
const content = fs.readFileSync(event.sessionFile, 'utf-8');