File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- index.js:231
- Evidence
const apiKey = [REDACTED] || readAgntConfig()?.apiKey
Security audit
Security checks across malware telemetry and agentic risk
The plugin mostly matches an X/Twitter data API integration, but it also exposes under-disclosed generic AI and translation tools that can send arbitrary text to agntdata.
Install only if you are comfortable sending X queries, account identifiers, tweet IDs, and any text given to the AI or translation tools to api.agntdata.dev under your agntdata API key. Review agntdata's data handling terms before using it with private, confidential, or regulated text.
55/55 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
const apiKey = [REDACTED] || readAgntConfig()?.apiKey