Back to plugin

Security audit

Lm Security

Security checks across malware telemetry and agentic risk

Overview

This looks like a real security-monitoring plugin, but its code shows under-disclosed credential handling, a hardcoded secret-like value, TLS verification bypass, and shell command execution that should be reviewed before use.

Install only if you trust the publisher and are comfortable with a local monitoring plugin that can inspect MCP configs, store audit activity, run scanner commands, and make network requests. Before enabling it, review the request and credential-handling code, keep TLS verification enabled, remove or rotate any embedded secret, restrict monitored paths, and run it with the least environment access possible.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.env_credential_access (+2 more)

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/index.mjs:8856
Evidence
var match = EXTRACT_TYPE_REGEXP.exec(type);

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/build.js:23
Evidence
execSync(command, {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/cli/check.ts:20
Evidence
const output = execSync(cmd, { stdio: "pipe" }).toString().trim();

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/command-security.ts:39
Evidence
name: "socat exec (reverse shell / command relay)",

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/config-scanner.ts:2246
Evidence
const auditOutput = execSync(

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/scan-port/index.ts:141
Evidence
const output = execSync(cmd, {

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
dist/web/static/js/index-CDE6LuYo.js:54
Evidence
*/var Gv=Kv("renderState"),zv=function(){function t(e){b(this,t),this.renderQueue=[],Object.defineProperty(this,Gv,{writable:!0,value:{restoreStack:[],prevObjec...

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
src/server/web/static/js/index-CDE6LuYo.js:54
Evidence
*/var Gv=Kv("renderState"),zv=function(){function t(e){b(this,t),this.renderQueue=[],Object.defineProperty(this,Gv,{writable:!0,value:{restoreStack:[],prevObjec...

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.mjs:10387
Evidence
return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || "";

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.mjs:41613
Evidence
const password = [REDACTED] || "";

HTTPS certificate verification is disabled.

Warn
Code
suspicious.insecure_tls_verification
Location
dist/index.mjs:43208
Evidence
httpsAgent: !verifySsl ? new https2.Agent({ rejectUnauthorized: false }) : void 0,

HTTPS certificate verification is disabled.

Warn
Code
suspicious.insecure_tls_verification
Location
src/request.ts:86
Evidence
? new https.Agent({ rejectUnauthorized: false })