Security audit
AANA Runtime Connector
Security checks across malware telemetry and agentic risk
Overview
This plugin appears to do what it claims: it registers tools that call a user-configured local AANA bridge and does not request unrelated credentials or install extra software.
Before enabling it, confirm that the local AANA bridge you configure is trusted, because the plugin will send planned actions or answer payloads to that local service for checking. Keep those payloads minimal and redacted, as the README recommends. Also consider whether you want agents to be allowed to provide bridgeBaseUrl per call, even though the code restricts it to loopback HTTP hosts.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
