memoriesweave

SUSPICIOUS. The skill's capabilities broadly match its stated MemoriesWeave purpose, but its actual footprint is heavy: it processes full private conversations and photos, caches them locally, and routes authenticated API traffic to a non-brand `convex.site` host instead of a clearly official MemoriesWeave API domain. That endpoint mismatch and the volume of intimate data handled make the skill high-risk even without clear proof of malware.