Back to plugin

Security audit

Jellyfish Security Plugin

Security checks across malware telemetry and agentic risk

Overview

This looks like a coherent security plugin, but it runs broadly in the background and can persist sensitive detections such as secrets or PII in local audit logs.

Install only if you want an always-on security monitor that can inspect and sometimes block activity. Protect its .env and state directories, keep file uploads disabled unless intended, restrict admin commands such as audit clearing or preinstall-scan disabling, and review audit-log retention/redaction before using it with sensitive prompts or files.

VirusTotal

67/67 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.js:107
Evidence
virustotalApiKey: env.VIRUSTOTAL_API_KEY || process.env.VIRUSTOTAL_API_KEY || '',