Back to plugin

Security audit

AANA Runtime Connector

Security checks across malware telemetry and agentic risk

Overview

This plugin appears to do what it claims: it registers tools that call a user-configured local AANA bridge and does not request unrelated credentials or install extra software.

Before enabling it, confirm that the local AANA bridge you configure is trusted, because the plugin will send planned actions or answer payloads to that local service for checking. Keep those payloads minimal and redacted, as the README recommends. Also consider whether you want agents to be allowed to provide bridgeBaseUrl per call, even though the code restricts it to loopback HTTP hosts.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.