Back to plugin

Security audit

GotoPlan Manager

Security checks across malware telemetry and agentic risk

Overview

This skill broadly matches its plan-management purpose, but it can create persistent local AI agents and run background task dispatches from remote prompts without code-enforced approval boundaries.

Install only if you trust the publisher and the plan-system backend. Before using it, inspect the install scripts, use limited-scope API keys, keep Notion/Feishu sync disabled unless needed, and require explicit approval before cloning AI staff or dispatching tasks.

VirusTotal

67/67 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/ensure-dist.mjs:19
Evidence
execSync("npm run build", { cwd: root, stdio: "inherit", shell: true });