Back to plugin

Security audit

Mautic Control

Security checks across malware telemetry and agentic risk

Overview

The package is a coherent Mautic administration plugin with powerful but disclosed, purpose-aligned controls and no evidence of hidden persistence, exfiltration, or deceptive behavior.

Install this only for agents you trust to help administer a Mautic instance. Use least-privilege Mautic credentials, keep workspace and console options disabled unless needed, keep the console bridge private, and review any proposed create, update, delete, migration, or automation job before allowing it.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
lib/runtime.js:145
Evidence
|| process.env.MAUTIC_ALLOW_MAINTENANCE_COMMANDS !== undefined