Back to plugin

Security audit

secr — Secrets management & NHI governance

Security checks across malware telemetry and agentic risk

Overview

The plugin largely matches its secrets-management purpose, but it deserves review because it handles agent secrets, fails open when its gateway cannot initialize, and may audit or log sensitive context.

Install only if you trust secr with the relevant secret and tool-audit data. Use least-privilege allowlists, keep materializeOnStartup disabled unless needed, avoid debug mode with token-based config, and decide whether the fail-open gateway behavior is acceptable for your environment.

VirusTotal

56/56 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.