New Plugin - Questionable Code

I just bought plugin off the marketplace and ever since using it, I’m showing unauthorized usage for my API key. My API key is secure. No one has accessed my account. The problem did not show up until I started using this plugin.

How do I review the source code for an Unreal Engine plugin? I want to see if the plugin is routing my information to a third party. And lastly, could the uptick in API usage be due to something else? for example, A 24-hour delay before usage gets listed on my Open AI dashboard? I mean, seriously, I have absolutely never heard of a bad actor selling a plugin through the marketplace. It seems like that sort of thing would become known quickly. I must be not really understanding what is going on.

All the plugins ship with the source code. Just take a look in

C:\Program Files\Epic Games\UE_5.1\Engine\Plugins\Marketplace\PluginName\Source