Back to plugin

Security audit

liangzimixin-test

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real IM channel plugin, but it should be reviewed because it handles chat credentials and tokens while the bundled SDK/code shows a possible hardcoded authorization secret and provenance ambiguity.

Install only if you trust the publisher and the IM provider. Before enabling it, verify the hardcoded Authorization finding, restrict file roots and endpoint environment overrides, understand that the plugin stores tokens/logs under ~/.liangzimixin, and treat all incoming chat messages as untrusted agent input.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal, suspicious.obfuscated_code

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.cjs:153
Evidence
var env = process.env;

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/setup-entry.cjs:153
Evidence
var env = process.env;

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.cjs:40670
Evidence
accessToken: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/quantum-sdk/index.cjs:4147
Evidence
const response = await http2.post(url, data, { headers: { Authorization: [REDACTED] } });

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/setup-entry.cjs:39134
Evidence
accessToken: [REDACTED],

Potential obfuscated payload detected.

Warn
Code
suspicious.obfuscated_code
Location
dist/index.cjs:9089
Evidence
req.end(Buffer.from(jsonStringify(options, this.options.replacer), "utf8"));

Potential obfuscated payload detected.

Warn
Code
suspicious.obfuscated_code
Location
dist/setup-entry.cjs:9089
Evidence
req.end(Buffer.from(jsonStringify(options, this.options.replacer), "utf8"));