File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- dist/src/config.d.ts:19
- Evidence
apiKey: [REDACTED];
Security audit
Security checks across malware telemetry and agentic risk
I could not inspect the workspace artifacts because local command execution failed, and the supplied telemetry alone does not provide evidence of suspicious behavior.
Before installing, review the actual package artifacts directly because this run could not access metadata.json or artifact/ due a local execution sandbox failure.
60/60 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
apiKey: [REDACTED];
base.http.apiKey = [REDACTED];