Security audit
Talk2Stock
Security checks across malware telemetry and agentic risk
Overview
The plugin’s core purpose is legitimate, but it registers more tools than its manifest discloses, including a stock-deducting ship-by-name action.
Review this before installing because it can change real business data in Talk2Stock. The main concern is disclosure: the runtime registers several tools that are not listed in the plugin manifest, including a ship-by-name tool that can mark an order shipped and deduct stock. Only install it if you trust the publisher, intend to grant order and inventory mutation authority, and are comfortable configuring a Talk2Stock API key for these actions.
VirusTotal
61/61 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
