Back to plugin

Security audit

automatelab-citation-intelligence

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real citation-analysis tool, but it needs review because it sends queries and URLs to external services, fetches arbitrary URLs from the host, stores results locally, and has a credential-leak risk in error handling.

Install only if you are comfortable with a self-hosted MCP server making outbound requests to AI/search vendors and to user-supplied URLs. Do not use it for confidential queries or internal URLs unless you run it in an egress-restricted environment, and be aware that failed requests may reveal some API keys in logs or tool errors.

VirusTotal

65/65 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
smithery.yaml:43
Evidence
...([REDACTED] ? { PERPLEXITY_API_KEY: [REDACTED] } : {}),