memoryvault

SUSPICIOUS: The skill is internally coherent as a cloud memory service and uses direct same-domain HTTPS endpoints, not a suspicious installer. However, it asks the agent to read a local credential file and routinely send broad session knowledge to a third-party hosted service, with added messaging/sharing/public features and exposure to untrusted remote content. The main risk is over-collection and externalization of sensitive context, not confirmed malware.