Is "@backstage-community/plugin-announcements-node" on n8n Safe to Install?

patriko · n8n · v0.16.0

Node.js library for the announcements plugin

Risk Assessment

Analyzed
64.85
out of 100
MEDIUM

21 security findings detected across all analyzers

Severity Breakdown

0
Critical
0
High
13
Medium
8
Low
0
Info

Finding Categories

3
Network
10
IoC Indicators

YARA Rules Matched

3 rules(5 hits)
postinstall system command postinstall file download postinstall file manipulation

About This Extension

Node.js library for the announcements plugin

Detailed Findings

11 total

YARA Rule Matches

3 rules

Indicators of Compromise

Network indicators, suspicious strings, and potential IoCs extracted during analysis

URLs
3
Domains
7
Strings
10

All Indicators · 10

Domain
detected Domain: github.com

XIOC detected Domain: github.com

extracted_from_files

URL
detected URL: http://www.apache.org/licenses/LICENSE-2.0

XIOC detected URL: http://www.apache.org/licenses/LICENSE-2.0

extracted_from_files

URL
detected URL: https://github.com/backstage/community-plugins

XIOC detected URL: https://github.com/backstage/community-plugins

extracted_from_files

Domain
detected Domain: events.md

XIOC detected Domain: events.md

extracted_from_files

Domain
detected Domain: signals.md

XIOC detected Domain: signals.md

extracted_from_files

Domain
detected Domain: defaultannouncementsservice.cjs.js.map

XIOC detected Domain: defaultannouncementsservice.cjs.js.map

extracted_from_files

Domain
detected Domain: www.apache.org

XIOC detected Domain: www.apache.org

extracted_from_files

Domain
detected Domain: announcementsserviceref.cjs.js.map

XIOC detected Domain: announcementsserviceref.cjs.js.map

extracted_from_files

Domain
detected Domain: index.cjs.js.map

XIOC detected Domain: index.cjs.js.map

extracted_from_files

URL
detected URL: https://github.com/procore-oss/backstage-plugin-announcements/tree/main/plugins/announcements-node)

XIOC detected URL: https://github.com/procore-oss/backstage-plugin-announcements/tree/main/plugins/announcements-node)

extracted_from_files

Security Analysis Summary

Security Analysis Overview

@backstage-community/plugin-announcements-node is a n8n extension published by patriko. Version 0.16.0 has been analyzed by the Risky Plugins security platform, receiving a risk score of 64.85/100 (MEDIUM risk) based on 21 security findings.

Risk Assessment

This extension presents high security risk. Significant concerns were identified during analysis. It is not recommended for use in sensitive or production environments without thorough review.

Findings Breakdown

  • Medium: 13 finding(s)
  • Low: 8 finding(s)

What Was Analyzed

The security assessment covers multiple analysis categories:

  • Malware Detection: YARA rule matching against 2,400+ malware signatures
  • Secret Detection: Scanning for exposed API keys, tokens, and credentials
  • Static Analysis: Code-level security analysis for common vulnerability patterns
  • Network Analysis: Detection of suspicious network communications and endpoints
  • Obfuscation Detection: Identification of code obfuscation techniques

Developer Information

@backstage-community/plugin-announcements-node is published by patriko on the n8n marketplace.

Recommendation

This extension is not recommended for installation without thorough manual review. Consider alternatives with lower risk scores, or contact the developer to address the identified security concerns.

Frequently Asked Questions

Similar Extensions

Related extensions from the same publisher or marketplace

@backstage-community/plugin-mcp-chat-backend

patriko

CRITICAL

@backstage-community/plugin-announcements

patriko

HIGH

@backstage/plugin-mcp-actions-backend

patriko

HIGH

@backstage-community/plugin-cost-insights

patriko

HIGH

@backstage/plugin-auth-node

patriko

HIGH

@backstage-community/plugin-manage-backend

patriko

HIGH