Back to plugin

Security audit

Kinde Gate

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Kinde integration, but it handles sensitive identity and authorization data with too little visible scoping and logs more auth context than users should assume is safe.

Install only for trusted operators who are allowed to see Kinde tenant, user, organization, permission, and feature-flag data. Before use, configure least-privilege Kinde credentials, restrict which agents or users can call the tools, and review log handling so session identifiers and permission lists are redacted or retained only in protected audit systems.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.js:82
Evidence
clientSecret: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/index.ts:130
Evidence
clientSecret: [REDACTED],