Back to plugin

Security audit

Tier

Security checks across malware telemetry and agentic risk

Overview

Review recommended: the package is advertised as tier-based tool routing, but the shipped extension starts a persistent Python event-bus process and stores replayable local data.

Install only if you are comfortable with this package running python3 as a persistent local bridge and creating a local event database. Verify that you actually want the event-bus behavior, set dbPath to an isolated location, avoid publishing sensitive payloads, and review the full source/provenance before enabling it.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/index.js:21
Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT, "--persistent"], {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/index.ts:42
Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT, "--persistent"], {