Back to plugin

Security audit

BytePlus ModelArk

Security checks across malware telemetry and agentic risk

Overview

The plugin's files, instructions, and required credential are consistent with a BytePlus ModelArk provider integration; nothing in the code indicates hidden endpoints or unjustified privileges, although a small metadata inconsistency and an incidental local dev settings file should be noted.

This plugin appears to be a straightforward BytePlus ModelArk provider. Before installing: 1) Be prepared to provide a BytePlus API key (BYTEPLUS_API_KEY) — only give a key from your BytePlus console and consider using a key with minimal scope. 2) Note the small mismatch between the registry metadata (which omitted required env vars) and the plugin manifest — the plugin actually requires BYTEPLUS_API_KEY. 3) The repo includes a .claude/settings.local.json with broad development permissions; that file is a local/dev helper and not part of runtime, but review it if you audit repository permissions. 4) Only install plugins from sources you trust; if you need stronger assurance, inspect the plugin code yourself or run it in a constrained environment and monitor outbound network activity to confirm it only contacts the declared BytePlus endpoints.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.