File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- index.js:232
- Evidence
const apiKey = [REDACTED] || readAgntConfig()?.apiKey
Security audit
Security checks across malware telemetry and agentic risk
This plugin mostly matches its social-data purpose, but it also gives agents broad web-scraping and raw webhook-data access through a third-party service, which should be reviewed before installation.
Install only if you trust agntdata with the social queries, target URLs, and any webhook payloads you connect. Avoid using the webhook receiver for secrets or regulated data unless you have reviewed the provider’s retention and logging practices, and prefer scoping delivery checks to a specific endpoint.
61/61 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
const apiKey = [REDACTED] || readAgntConfig()?.apiKey