Back to plugin

Security audit

OpenDexter

Security checks across malware telemetry and agentic risk

Overview

OpenDexter is coherent for paid API access, but it can use wallet private keys to automatically spend USDC on agent-selected API calls.

Install only if you are comfortable letting the agent make wallet-funded API calls. Use a dedicated low-balance wallet, keep the per-call limit low, verify the facilitator and marketplace URLs, and require manual approval before any paid call.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
index.ts:167
Evidence
svmPrivateKey: raw.svmPrivateKey || process.env.SVM_PRIVATE_KEY,