Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- src/shared.mjs:60
- Evidence
const child = spawn(command, args, {
Security audit
Security checks across malware telemetry and agentic risk
VideoMemory mostly matches its stated purpose, but it can fetch and run changing code from GitHub and copy AI API keys into VideoMemory, so it needs review before installation.
Install only if you trust the VideoMemory publisher and the referenced GitHub repository. Run the explain/safe path first, avoid automatic key syncing unless you intend it, keep VIDEOMEMORY_BASE on a trusted local endpoint, and pin the repository ref before allowing the plugin to bootstrap or relaunch the service.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.install_untrusted_source
const child = spawn(command, args, {env: env ? { ...process.env, ...env } : process.env,"default": "http://127.0.0.1:5050",