Back to plugin

Security audit

ebb-ai — carbon-aware deferral

Security checks across malware telemetry and agentic risk

Overview

This plugin does what it says: it keeps a local queue of deferred AI tasks and runs them later at lower-carbon grid times, with expected local storage and provider API use.

Before installing, be comfortable with the gateway keeping a local queue of task prompts/results and running queued work in the background. Use webhook and file delivery only for destinations you trust, and review any OpenAI, Anthropic, Telegram, and grid API keys available to the gateway because queued tasks may use them.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.potential_exfiltration

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.js:4401
Evidence
const key = apiKey ?? process.env.EBB_ELECTRICITY_MAPS_API_KEY;

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
dist/index.js:4935
Evidence
const privatePem2 = readFileSync(privateKeyPath, "utf8");