memoriesweave

SUSPICIOUS. The skill is mostly coherent with its stated MemoriesWeave design purpose and does not include malware-like installers or obvious credential theft. However, it uses a Convex-hosted API domain instead of a clearly first-party API host, sends the Bearer token across multiple domains, and handles unusually sensitive personal data (photos, conversations, relationship context). This looks more like a high-trust private integration than overtly malicious behavior.