File appears to expose a hardcoded API secret or token.
- Code
- suspicious.exposed_secret_literal
- Location
- dist/sender/redditSender.js:89
- Evidence
clientSecret: [REDACTED],
Security audit
Security checks across malware telemetry and agentic risk
SignalPipe appears to be a coherent sales automation plugin, but users should understand that it sends prospect data to a backend and can optionally post or DM on Reddit after approval.
Install only if you are comfortable sending sales and prospect data to the configured SignalPipe backend. Use sender mode carefully: start with dry_run, keep daily caps low, review drafts before approval, and consider a dedicated Reddit sending account because automated comments or DMs can affect account reputation or violate platform rules. Protect and rotate SIGNALPIPE_OPERATOR_KEY and any REDDIT_* credentials.
58/58 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
clientSecret: [REDACTED],