Security audit
KadiConnect — Digital Business Cards
Security checks across malware telemetry and agentic risk
Overview
The plugin's code, instructions, and configuration consistently implement a KadiConnect API client for managing digital business cards and do not request unrelated credentials or perform unexpected actions.
This plugin appears coherent and implements a normal API client for kadiconnect.com. Before installing: 1) Confirm you trust https://kadiconnect.com and the published package source (check the GitHub repository and homepage). 2) Be prepared to provide a KadiConnect API key (stored in the plugin config as a secret). 3) If you do not want the agent to create accounts autonomously, restrict autonomous invocation or avoid calling the register tool — the plugin can register accounts programmatically. 4) Verify package integrity (versions and checksums) when installing from npm, and ensure the runtime environment provides fetch (or the platform provides equivalent HTTP support).
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
