Back to plugin

Security audit

S2 汉字空间调色盘

Security checks across malware telemetry and agentic risk

Overview

The skill's code and instructions align with its stated purpose (local ambient Hanzi rendering); it uses only local-network pushes to a user-configured panel IP and requests no secrets, with only a small wording mismatch about being strictly 'zero network'.

This plugin appears to do what it says: generate an offline Hanzi rendering blueprint and (optionally) POST it to a local display panel. Before installing, decide whether you want any local-network access: if you do not set DISPLAY_PANEL_IP, the plugin will only simulate output to stdout. If you enable DISPLAY_PANEL_IP, the plugin will send JSON to http://<IP>:8080/api/v1/render/hanzi_palette (3s timeout). The ENABLE_EXTERNAL_LLM env var is present but not used by the shipped code — do not enable or trust cloud overrides unless you audit/extend the code. If you want tighter control, run the plugin in a network-restricted environment or verify the display panel endpoint is trusted and on your LAN.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.