Back to plugin

Security audit

SignalPipe

Security checks across malware telemetry and agentic risk

Overview

SignalPipe appears to be a coherent sales automation plugin, but users should understand that it sends prospect data to a backend and can optionally post or DM on Reddit after approval.

Install only if you are comfortable sending sales and prospect data to the configured SignalPipe backend. Use sender mode carefully: start with dry_run, keep daily caps low, review drafts before approval, and consider a dedicated Reddit sending account because automated comments or DMs can affect account reputation or violate platform rules. Protect and rotate SIGNALPIPE_OPERATOR_KEY and any REDDIT_* credentials.

VirusTotal

58/58 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/sender/redditSender.js:89
Evidence
clientSecret: [REDACTED],