File appears to expose a hardcoded API secret or token.
- Code
- suspicious.exposed_secret_literal
- Location
- dist/modules/auth.js:11
- Evidence
this.apiKey = [REDACTED];
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a coherent RAGFlow knowledge-base plugin, though the package metadata has some sloppy version/source inconsistencies.
This plugin appears to do what it claims: connect your agent to a configured RAGFlow server for search, upload, and deletion. Before installing, make sure the `api_url` points to a RAGFlow server you trust, because the plugin will send the configured API key and uploaded/search content there. Also note the minor packaging inconsistencies: registry version, package version, lockfile version, and repository URL do not all match, which looks sloppy but not directly malicious from the provided code.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.exposed_secret_literal
this.apiKey = [REDACTED];
api_key: typeof ragflow.api_key === "string" ? ragflow.api_key : [REDACTED],
this.apiKey = [REDACTED];
typeof ragflow.api_key === "string" ? ragflow.api_key : [REDACTED],