Back to plugin

Security audit

Mimo Stt Publish

Security checks across malware telemetry and agentic risk

Overview

This plugin appears to do the advertised speech-to-text job, but it uploads the selected local audio file and MiMo API key to an external endpoint, so users should configure it carefully.

This looks like a normal API-backed speech-to-text plugin. Before enabling it, confirm you trust the MiMo endpoint, provide a dedicated API key if possible, and only let it process audio files you intend to upload for transcription.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
index.ts:5
Evidence
const apiKey = api.pluginConfig?.apiKey || process.env.MIMO_API_KEY;

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
src/stt.mjs:4
Evidence
const KEY = process.env.MIMO_API_KEY;

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
index.ts:5
Evidence
const apiKey = [REDACTED]?.apiKey || process.env.MIMO_API_KEY;