Back to plugin

Security audit

ExperienceEngine

Security checks across malware telemetry and agentic risk

Overview

The skill has a legitimate coding-agent memory purpose, but this release needs review because its packaged runtime is missing and one hook path downloads and executes a different npm package version at runtime.

Review this before installing. The product concept is coherent, but this release’s runtime packaging is not: the reviewed tarball does not include the declared executable files, and the Claude plugin path can fetch code from npm during startup. Install only if you are comfortable with coding-agent hooks observing prompts/tool activity and with that external runtime behavior; otherwise wait for a release that bundles the expected runtime and pins the same reviewed version.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.