Back to plugin

Security audit

旺小宝

Security checks across malware telemetry and agentic risk

Overview

The artifact review could not be completed because filesystem inspection failed, and no artifact-backed suspicious behavior was available to establish a Review or malicious verdict.

This result is inconclusive: the workspace read attempts failed with a sandbox initialization error, so the package should be rescanned when metadata.json and artifact/ can be inspected directly.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal, suspicious.potential_exfiltration

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.mjs:9
Evidence
const DEFAULT_CLIENT_SECRET = "[REDACTED]";

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
dist/index.mjs:3083
Evidence
const raw = await readFile(tokenFile, "utf-8");