Back to plugin

Security audit

LinkMind Context Engine

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims: it registers a context engine and sends session messages to a configurable LinkMind API for compression; it does not request unrelated credentials or elevated privileges, but it will transmit chat content to an external service (privacy risk you should accept explicitly).

This plugin will send your session messages (full conversation content) to the configured LinkMind endpoint for compression. That is its core purpose — do not install it if you cannot or do not want conversation data sent to an external service. If you plan to use it in production: (1) set apiUrl to a trusted/controlled endpoint (or host your own LinkMind-compatible service) and supply an apiKey with least privilege; (2) review logs — the plugin may log api keys (Object.keys(api)) on an error path, so consider disabling debug logs or removing that logging before exposing to sensitive workloads; (3) ask the publisher to remove .npm-cache entries from their packaged tarball and to confirm the published package matches the reviewed source; (4) if you need stricter privacy, do not use a remote compression service or ensure the remote service's privacy/security posture is acceptable.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.