Security audit
secr — Secrets management & NHI governance
Security checks across malware telemetry and agentic risk
Overview
The plugin largely matches its secrets-management purpose, but it deserves review because it handles agent secrets, fails open when its gateway cannot initialize, and may audit or log sensitive context.
Install only if you trust secr with the relevant secret and tool-audit data. Use least-privilege allowlists, keep materializeOnStartup disabled unless needed, avoid debug mode with token-based config, and decide whether the fail-open gateway behavior is acceptable for your environment.
VirusTotal
56/56 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
