Security audit
OpenDeploy
Security checks across malware telemetry and agentic risk
Overview
This appears to be a real OpenDeploy deployment plugin, but using it will let the agent install/use OpenDeploy's CLI and send project deployment data to OpenDeploy.
Before installing, be comfortable with the core trust model: the agent may install/update the OpenDeploy npm CLI, inspect your application source, upload source archives and approved environment values to https://dashboard.opendeploy.dev/api, and create a local OpenDeploy credential in ~/.opendeploy/auth.json. Use limited-scope Git tokens where possible, review the full untruncated skill files if available, and remember that deleting the plugin does not automatically revoke an OpenDeploy token saved on disk.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
