Back to plugin

Security audit

Agent Relay

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, instructions, and configuration align with its stated purpose (waking agents and delivering replies to channel); nothing requests unrelated credentials or performs unexplained network exfiltration.

This plugin appears to do exactly what it says: wake agents in their existing sessions and deliver replies to the user channel. Before installing, ensure you: 1) set a strong authToken for the HTTP /notify endpoint; 2) keep gatewayToken secret (it grants gateway RPC privileges); 3) configure allowedTargets to limit which agents can wake which sessions (omit this only if you want global wake ability); 4) run the gateway on localhost or behind proper network controls (the plugin connects to ws://127.0.0.1:<gatewayPort>); and 5) review logs/usage after enabling because agents (or a compromised agent) could be used to spam users if ACLs are too permissive. If you need higher assurance, ask the maintainer whether device identities are intentionally non-persistent and whether gateway pairing/registry policies should be applied.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.