Back to plugin

Security audit

Magneto AI

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but it runs a local Magneto CLI and builds project memory, so users should only install it if they trust that CLI and want agent-wide governance.

This appears to be a coherent governance plugin rather than malware. Before installing, verify the external `magneto-ai` CLI, keep scans limited to the intended project, and understand how Magneto stores project memory and handles approval/blocking decisions.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
index.ts:93
Evidence
const result = spawnSync(magnetoCmd, args, {