Back to plugin

Security audit

Agent Permissions

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local permission-gating plugin that controls tool approvals and persists rule changes, with no evidence of hidden networking or malicious behavior.

Install this only if you want a plugin that can gate all agent tool calls and maintain local permission rules. Review your allow, deny, ask, skipSessionPatterns, and protectPermissions settings carefully, because broad allow rules or disabling self-protection can materially weaken approval controls.

VirusTotal

65/65 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
tests/tools.test.ts:150
Evidence
assert.ok(after?.block, "direct file edit should take effect on next eval (mtime reload)");