Back to plugin

Security audit

Manifest Model Router

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Manifest cloud LLM router plugin, and its requested capabilities match that purpose.

Before installing, understand that using this plugin means your LLM requests may be routed through Manifest's cloud service at app.manifest.build. The API key requirement fits the purpose, and no unrelated credentials are requested. The main caveat is transparency: the metadata says there are no declared env vars even though the docs mention MANIFEST_API_KEY, and the provided source listing was partially truncated, so reviewing the full runtime bundle would increase confidence.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution, suspicious.env_credential_access, suspicious.exposed_secret_literal

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
__tests__/build.test.ts:23
Evidence
it("does not contain eval( calls", () => {

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.js:2
Evidence
"use strict";var ENV={API_KEY:"MANIFEST_API_KEY",ENDPOINT:"MANIFEST_ENDPOINT"},API_KEY_PREFIX="mnfst_",DEFAULTS={ENDPOINT:"https://app.manifest.build",SERVICE_N...

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
__tests__/config.test.ts:150
Evidence
const result = parseConfig({ apiKey: "[REDACTED]" });

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.js:2
Evidence
"use strict";var ENV={API_KEY:"[REDACTED]",ENDPOINT:"MANIFEST_ENDPOINT"},API_KEY_PREFIX="mnfst_",DEFAULTS={ENDPOINT:"https://app.manifest.build",SERVICE_NAME:"o...

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.js.map:4
Evidence
"sourcesContent": ["// Environment variable names (fallback when plugin config is missing)\nexport const ENV = {\n  API_KEY: '[REDACTED]',\n  ENDPOINT: 'MANIFES...

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/constants.ts:3
Evidence
API_KEY: '[REDACTED]',