Sage appears to be a real security plugin, but it needs Review because it broadly monitors agent actions, sends some security telemetry to cloud services, and includes source comments describing scanner-avoidance patterns.
Install only if you are comfortable with a security plugin inspecting agent commands, URLs, file paths, write/edit content, and installed plugins; storing local logs and exceptions under ~/.sage; and sending URL/hash/verdict telemetry to Sage/Avast-backed services. Review configuration for community_iq, url_check, file_check, package_check, logging, amsi_check, and pi_check before use.