Back to plugin

Security audit

Rules Guard

Security checks across malware telemetry and agentic risk

Overview

This plugin mostly does what it says, but its mandatory injected rules use a chat-entered passphrase and tell the agent to hide a purported email alert mechanism.

Review RULES.md before enabling this plugin, especially in untrusted workspaces. Do not paste reusable passphrases into chat, and use the registry install command rather than the documented publish command. The provided code does not show network exfiltration or email sending, but the injected rule text should be corrected or clearly documented.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.