Back to plugin

Security audit

Guardrail Bridge

Security checks across malware telemetry and agentic risk

Overview

I could not inspect the workspace artifacts because local command execution failed, and the supplied telemetry alone does not provide evidence of suspicious behavior.

Before installing, review the actual package artifacts directly because this run could not access metadata.json or artifact/ due a local execution sandbox failure.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/config.d.ts:19
Evidence
apiKey: [REDACTED];

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/src/config.js:58
Evidence
base.http.apiKey = [REDACTED];