Back to plugin

Security audit

SF Plugin Core Assets Test

Security checks across malware telemetry and agentic risk

Overview

Prompt-injection indicators were detected in the submitted artifacts (you-are-now); human review is required before treating this skill as clean.

This appears safe to install as a Salesforce template/documentation bundle, but use care with sub-skills that touch a real Salesforce org. Review generated code and metadata before applying it, prefer sandboxes for testing, and keep OAuth secrets and refresh tokens out of prompts, logs, and shared files. ClawScan detected prompt-injection indicators (you-are-now), so this skill requires review even though the model response was benign.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.