Back to plugin

Security audit

HPC-AI

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward HPC-AI model provider plugin that asks for the expected HPC-AI API key and routes requests to the documented HPC-AI endpoint.

This plugin looks internally consistent. If you install it, expect to provide an HPC-AI API key, and only set HPC_AI_BASE_URL if you intentionally want to route model traffic through a trusted alternate endpoint or proxy. The metadata saying there are no env vars is worth noting, but the API key requirement itself is normal for this kind of provider.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/live-smoke.mjs:1
Evidence
const apiKey = process.env.HPC_AI_API_KEY;