Back to plugin

Security audit

Frontend Vibe Suite

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent and purpose-aligned, with disclosed DashScope API use and local helper scripts; no malicious behavior is evidenced, but users should notice the API key requirement and bundled Python cache files.

This skill appears reasonable for its frontend design workflow if you are comfortable running its Python helper scripts and sending selected prompts/public media URLs to DashScope. Before use, configure only a trusted DashScope endpoint and key, review command paths, keep generated files in a project workspace, and consider removing the bundled __pycache__/.pyc files.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.