Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- index.js:428
Security audit
Security checks across malware telemetry and agentic risk
The available evidence does not substantiate harmful behavior beyond weak VirusTotal telemetry and an unverified prompt-injection indicator.
Install only if the publisher and skill purpose are otherwise familiar to you, and review the skill text for prompt-like instructions before use because the automated review did not complete and VirusTotal had a small number of detections.
SkillSpector could not complete.
2/64 vendors flagged this skill as malicious, and 62/64 flagged it as clean.
Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.env_credential_access (+4 more)