File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- index.js:231
- Evidence
const apiKey = [REDACTED] || readAgntConfig()?.apiKey
Security audit
Security checks across malware telemetry and agentic risk
This is a coherent Reddit data API plugin that uses an agntdata API key to make disclosed outbound API requests.
Install only if you intend to send Reddit lookup inputs and your agntdata API key to api.agntdata.dev. Store the API key in protected configuration, avoid committing it to source control, and review agntdata's data and logging practices if your queries may contain sensitive business or personal information.
61/61 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
const apiKey = [REDACTED] || readAgntConfig()?.apiKey