Back to plugin

Security audit

SayDeploy

Security checks across malware telemetry and agentic risk

Overview

SayDeploy is purpose-aligned, but it gives an auto-downloaded MCP tool broad authority over cloud, payment, database, and developer accounts with unclear limits.

Install only if you trust SayDeploy and are comfortable giving it access to the listed services. Prefer test or least-privilege accounts, check the scopes requested during pairing, require explicit approval for writes/deployments, and be cautious because the MCP server runs an unpinned `saydeploy@latest` package.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.