Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/mcp-client.cjs:28993
- Evidence
const matches = RELATIVE_JSON_POINTER.exec($data);
Security audit
Security checks across malware telemetry and agentic risk
The available artifacts look like disclosed operational tooling rather than malware, though they should be used with scoped credentials.
Install only if you intend to let the skill use the named operational services. Use least-privilege API tokens, review any setup-created config or memory paths, and confirm before running commands that create, update, delete, publish, ban, or push external changes.
63/63 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution
const matches = RELATIVE_JSON_POINTER.exec($data);
const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode);