Back to plugin

Security audit

Buddy

Security checks across malware telemetry and agentic risk

Overview

Buddy appears to implement its voice-command purpose, but it needs review because a web request can become an agent instruction and its setup/storage choices can expose sensitive tokens or voice recordings.

Install only if you trust the publisher and can secure the gateway. Use a long random bearer token, keep the route behind HTTPS, do not send the pairing URL/token to public QR-code services, rotate the token if exposed, review where audio is stored and deleted, and adjust the prompt framing so the agent confirms sensitive actions before acting.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
README.md:77
Evidence
authToken: "[REDACTED]",