Security audit
Firewall
Security checks across malware telemetry and agentic risk
Overview
The plugin's code, instructions, and requirements are coherent with its stated purpose (pre-call budget/token guard); no unexplained credential or external network access is requested.
This plugin appears internally consistent for local pre-call budget and token guarding. Before installing: (1) Keep debug:false in production — the debug logger only redacts top-level keys and may miss nested secrets. (2) Verify that the model pricing table and any overrides you provide match your real billing rates to avoid false blocks or underestimates. (3) Confirm the package version you install matches the registry/package.json you expect (manifest shows a minor version mismatch). (4) Review the small dependency (zod) if your environment has strict supply-chain policies. If you need stronger secret-safety, avoid passing raw runtime credential objects into the guard when debug is enabled.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
