Back to plugin

Security audit

SoundChain

Security checks across malware telemetry and agentic risk

Overview

SoundChain has legitimate music and messaging features, but it also gives agents broad command-routing and persistent credentialed messaging abilities that should be reviewed before installation.

Install only if you trust SoundChain and need the War Room and Pulse messaging features. Use a dedicated bot token, keep auto-follow off unless intentional, isolate or disable the SCid Worker/Ollama integrations if you do not need command execution, and require approval for any bash, file-read, build, or account-mutating actions.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/responder.ts:89
Evidence
const proc = spawn(CLAUDE_BIN, args, {

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
src/responder.ts:24
Evidence
const GIPHY_API_KEY = process.env.GIPHY_API_KEY ?? ""; // Optional — enables GIF replies

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
src/warroom.ts:65
Evidence
mini: { ip: process.env.FLEET_MINI_IP ?? "192.168.1.22", role: "Headless test runner, CI/CD" },