Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/docker-bootstrap.js:114
- Evidence
const child = spawn(command, args, {
Security audit
Security checks across malware telemetry and agentic risk
This plugin appears to do what it advertises, but it should only be used with a trusted Redact API endpoint because prompts and tool parameters may be sent there.
Install only if you are comfortable sending potentially sensitive prompts and tool parameters to the configured Redact API. Keep the endpoint local or controlled by your organization for sensitive workflows, avoid audit-only mode when you need actual redaction, and enable Docker auto-start only with a trusted image and host configuration.
62/62 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec
const child = spawn(command, args, {