Back to plugin

Security audit

Cartograph

Security checks across malware telemetry and agentic risk

Overview

Cartograph appears to do what it claims—manage reusable code widgets—but users should know it depends on the separate Cartograph MCP/CLI package and may install it automatically in Claude Code.

This plugin is internally coherent: it is a Cartograph integration and its file access, CLI use, MCP server setup, cloud publishing, and proposal-management behavior all match that purpose. Before installing, decide whether you trust the Cartograph PyPI package (`cartograph-mcp` / `cartograph-cli`) and the Cartograph registry workflow, because the plugin can help publish reusable code widgets when configured to do so. Also check your Cartograph settings, especially `auto-publish`, registry, visibility, and governance, so code is not shared more broadly than you intend.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.