Back to plugin

Security audit

Firewall

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, instructions, and requirements are coherent with its stated purpose (pre-call budget/token guard); no unexplained credential or external network access is requested.

This plugin appears internally consistent for local pre-call budget and token guarding. Before installing: (1) Keep debug:false in production — the debug logger only redacts top-level keys and may miss nested secrets. (2) Verify that the model pricing table and any overrides you provide match your real billing rates to avoid false blocks or underestimates. (3) Confirm the package version you install matches the registry/package.json you expect (manifest shows a minor version mismatch). (4) Review the small dependency (zod) if your environment has strict supply-chain policies. If you need stronger secret-safety, avoid passing raw runtime credential objects into the guard when debug is enabled.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.