Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- dist/index.js:107
- Evidence
virustotalApiKey: env.VIRUSTOTAL_API_KEY || process.env.VIRUSTOTAL_API_KEY || '',
Security audit
Security checks across malware telemetry and agentic risk
This looks like a coherent security plugin, but it runs broadly in the background and can persist sensitive detections such as secrets or PII in local audit logs.
Install only if you want an always-on security monitor that can inspect and sometimes block activity. Protect its .env and state directories, keep file uploads disabled unless intended, restrict admin commands such as audit clearing or preinstall-scan disabling, and review audit-log retention/redaction before using it with sensitive prompts or files.
67/67 vendors flagged this plugin as clean.
Detected: suspicious.env_credential_access
virustotalApiKey: env.VIRUSTOTAL_API_KEY || process.env.VIRUSTOTAL_API_KEY || '',