Security audit
BytePlus ModelArk
Security checks across malware telemetry and agentic risk
Overview
The plugin's files, instructions, and required credential are consistent with a BytePlus ModelArk provider integration; nothing in the code indicates hidden endpoints or unjustified privileges, although a small metadata inconsistency and an incidental local dev settings file should be noted.
This plugin appears to be a straightforward BytePlus ModelArk provider. Before installing: 1) Be prepared to provide a BytePlus API key (BYTEPLUS_API_KEY) — only give a key from your BytePlus console and consider using a key with minimal scope. 2) Note the small mismatch between the registry metadata (which omitted required env vars) and the plugin manifest — the plugin actually requires BYTEPLUS_API_KEY. 3) The repo includes a .claude/settings.local.json with broad development permissions; that file is a local/dev helper and not part of runtime, but review it if you audit repository permissions. 4) Only install plugins from sources you trust; if you need stronger assurance, inspect the plugin code yourself or run it in a constrained environment and monitor outbound network activity to confirm it only contacts the declared BytePlus endpoints.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
