Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dist/cli/index.js:592
- Evidence
const child = spawn(process.argv[0], [process.argv[1], "init"], {
Security audit
Security checks across malware telemetry and agentic risk
Neotoma appears to be a legitimate memory/MCP server, but it recommends broad workspace inspection and can persistently modify agent rule files, so users should review its setup and data boundaries carefully.
Install only if you want a persistent cross-agent memory layer. Before setup, narrow any agent prompts to specific files or projects, inspect any .cursor/.claude/.codex rules it proposes or updates, pin the npm package version if possible, and verify where data, tokens, embeddings, exports, and deletion controls live.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal
const child = spawn(process.argv[0], [process.argv[1], "init"], {execSync("npm run sync:mcp", {child = spawn(MCP_CMD, MCP_ARGS, {const child = spawn("tsx", [scriptPath], {localApiChild = spawn(process.execPath, [actionsPath], {process.env.NEOTOMA_USE_READLINE === "1" ||
const ENCRYPTION_KEY = process.env.NEOTOMA_MCP_TOKEN_ENCRYPTION_KEY ||
...process.env,
const bearerToken = [REDACTED]("Bearer ".length).trim();access_token: [REDACTED],
const bearerToken = [REDACTED](keyPair.publicKey);
const privateKey = [REDACTED]();
? new OpenAI({ apiKey: [REDACTED] })process.env.OPENAI_API_KEY = [REDACTED];
? new OpenAI({ apiKey: [REDACTED] })accessToken: [REDACTED]("local_access"),const bearerToken = [REDACTED]?.trim() || "";
bearerToken: [REDACTED],
? new OpenAI({ apiKey: [REDACTED] })const openai = new OpenAI({ apiKey: [REDACTED] });