Security audit
Relay Workspace
Security checks across malware telemetry and agentic risk
Overview
The plugin’s remote workspace file access is mostly disclosed and purpose-aligned, but its delete and path-boundary protections are weaker than the documentation claims.
Install only if you trust the Relay/Gateway environment and have backups of the workspace. Before using destructive operations, prefer a version that explicitly blocks deleting the workspace root and correctly handles symlinks or other paths that could escape the workspace.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
