Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- tests/smoke.mjs:81
- Evidence
execSync("dlazy --version", { stdio: "ignore" });
Security audit
Security checks across malware telemetry and agentic risk
This plugin is not clearly malicious, but it wraps a very broad media-generation CLI and includes under-disclosed voice cloning, canvas-writing, and credential/environment exposure risks.
Install only if you trust the dLazy CLI and service account context. Expect prompts, local media paths, and generated assets to be sent to dLazy services, and be aware the plugin can use existing local dLazy credentials. Avoid using it in environments with unrelated secrets in environment variables, and do not use the voice-cloning features unless you have explicit permission from the speaker.
59/59 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec
execSync("dlazy --version", { stdio: "ignore" });