Back to plugin

Security audit

Guardian

Security checks across malware telemetry and agentic risk

Overview

Guardian includes plausible security-monitoring components, but its metadata underdiscloses that it runs a persistent Python backend and exposes broad event-bus control functions.

Review this skill before installing. It appears to include useful security-monitoring code, but you should expect it to run python3 as a persistent local backend and store local audit data. Install only if you trust the publisher, can inspect the bridge/backend code, and are comfortable with the event-bus administration functions it exposes.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/index.js:21
Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT, "--persistent"], {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/index.ts:42
Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT, "--persistent"], {

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
tests/test_guardian.py:151
Evidence
"Here is your API key: [REDACTED]",