Back to plugin

Security audit

RAGFlow Kit

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent RAGFlow knowledge-base plugin, though the package metadata has some sloppy version/source inconsistencies.

This plugin appears to do what it claims: connect your agent to a configured RAGFlow server for search, upload, and deletion. Before installing, make sure the `api_url` points to a RAGFlow server you trust, because the plugin will send the configured API key and uploaded/search content there. Also note the minor packaging inconsistencies: registry version, package version, lockfile version, and repository URL do not all match, which looks sloppy but not directly malicious from the provided code.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/modules/auth.js:11
Evidence
this.apiKey = [REDACTED];

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/modules/config.js:24
Evidence
api_key: typeof ragflow.api_key === "string" ? ragflow.api_key : [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/modules/auth.ts:15
Evidence
this.apiKey = [REDACTED];

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/modules/config.ts:25
Evidence
typeof ragflow.api_key === "string" ? ragflow.api_key : [REDACTED],