Lm Security

Security checks across malware telemetry and agentic risk

Overview

This looks like a real security-monitoring plugin, but its code shows under-disclosed credential handling, a hardcoded secret-like value, TLS verification bypass, and shell command execution that should be reviewed before use.

Install only if you trust the publisher and are comfortable with a local monitoring plugin that can inspect MCP configs, store audit activity, run scanner commands, and make network requests. Before enabling it, review the request and credential-handling code, keep TLS verification enabled, remove or rotate any embedded secret, restrict monitored paths, and run it with the least environment access possible.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
High
What this means

Secrets such as API keys in the environment could be read and sent in ways the user did not expect.

Why it was flagged

The code retrieves environment variables by key. The static scan labels this location as environment-variable access combined with a network send, while the registry declares no environment variables or primary credential.

Skill content

return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || "";

Recommendation

Declare the exact environment variables and destinations used, allow-list credential keys, avoid sending secrets in telemetry, and redact credentials from logs and requests.

ASI03: Identity and Privilege Abuse
High
What this means

A shared or embedded credential could be exposed to anyone who installs or inspects the package, or could create weak authentication assumptions.

Why it was flagged

The bundled distribution contains a hardcoded password/secret-like literal according to the static scan, with no corresponding credential disclosure in the metadata.

Skill content

const password = [REDACTED] || "";

Recommendation

Remove hardcoded secrets, rotate the value if it is real, and require user-provided credentials through documented secure configuration.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If enabled, a network attacker or misconfigured proxy could intercept or modify security data or credentials sent by the plugin.

Why it was flagged

The request code can disable HTTPS certificate verification when verifySsl is false, which weakens transport security for outbound requests.

Skill content

? new https.Agent({ rejectUnauthorized: false })

Recommendation

Default TLS verification to on, require explicit user opt-in for self-signed certificates, and warn clearly when certificate validation is disabled.

ASI05: Unexpected Code Execution
Medium
What this means

A bug or unsafe command construction path could run unintended local commands on the user's machine.

Why it was flagged

The scanner executes local shell commands. This can be purpose-aligned for port/config auditing, but the command string and invocation boundaries are high-impact.

Skill content

const output = execSync(cmd, {

Recommendation

Keep command execution allow-listed and non-mutating, avoid user-controlled shell strings, document when commands run, and request confirmation for any high-impact operations.

ASI06: Memory and Context Poisoning
Low
What this means

Sensitive local MCP configuration or agent activity may be scanned and potentially stored in audit data.

Why it was flagged

The plugin asks for MCP config paths, so it may inspect local agent configuration that can contain server commands, private endpoints, or secrets.

Skill content

"description": "Paths to MCP config files to monitor"

Recommendation

Point it only at intended config files, review where audit data is stored, and ensure secrets are redacted from logs and dashboard output.