Back to plugin

Security audit

agentcop

Security checks across malware telemetry and agentic risk

Overview

This security monitor is mostly purpose-aligned, but it automatically inspects broad agent activity and may write sensitive request URLs into logs, so it deserves review before installation.

Review the logging behavior before installing. The plugin does not show obvious exfiltration or hidden install behavior, but it is an always-on monitor with broad visibility into agent activity, and secrets in request URLs may be written to logs unless the publisher adds redaction.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
tests/compliance.test.js:97
Evidence
it('no execSync("npm install") or child_process npm install', () => {

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
tests/compliance.test.js:164
Evidence
it('no eval() calls', () => {

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
tests/detectors.test.js:215
Evidence
const v = detectInsecureOutput('Authorization: Bearer [REDACTED]', 'test');