schelling

SUSPICIOUS. The stated purpose is shared-memory recall, but the footprint is overly broad: it mandates sending every request to a third-party service before any reasoning, requires full network access on all tasks, executes an external npm package via npx, and encourages automatic write-back of task-derived insights. These behaviors are coherent with a hosted memory product, but the scope and mandatory remote data flow are disproportionate and create meaningful privacy and supply-chain risk.