perpetual-memory

SUSPICIOUS: The stated purpose matches a memory/indexing skill, and there is no direct evidence of overt malware, credential theft, or hostile endpoints. However, the skill’s footprint is broad by design: it auto-collects many interactions, invokes an undisclosed local CLI as the core trust boundary, and does not disclose what embedding backend or network endpoints may receive captured content. That makes the data-flow and privacy posture under-specified and riskier than a narrowly scoped local-only memory tool.