Back to plugin

Security audit

DebugBundle

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent DebugBundle integration, with disclosed credential use and optional tools that can change DebugBundle account resources.

Install only if you trust DebugBundle with the projects and credentials available to the agent. Keep mutation tools allowlisted narrowly, review billing/member/token/webhook/project permissions before enabling them, and use a trusted apiBaseUrl because bearer tokens are sent to that host.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.js:6303
Evidence
password: [REDACTED],