File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- index.js:231
- Evidence
const apiKey = [REDACTED] || readAgntConfig()?.apiKey
Security audit
Security checks across malware telemetry and agentic risk
This plugin is a disclosed agntdata Facebook API connector that sends requested Facebook queries to its remote service using an API key.
Install only if you are comfortable sending Facebook research targets, search terms, URLs, IDs, pagination tokens, and your agntdata API key to agntdata.dev. Use a dedicated API key with appropriate limits and avoid entering secrets or private identifiers as search inputs.
61/61 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
const apiKey = [REDACTED] || readAgntConfig()?.apiKey