Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/index.js:17
- Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT], {
Security audit
Security checks across malware telemetry and agentic risk
Brain is a disclosed local memory plugin that runs Python and stores cross-conversation agent memory; the main risks are expected for its purpose but users should understand the persistence and install details.
Before installing, make sure you want an agent memory system that persists conversation details across sessions and runs local Python hooks. Verify the intended Python package because the artifacts use several related names, and review or clear stored memories if sensitive information is captured.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
const proc = spawn("python3", [BRIDGE_SCRIPT], {const result = spawnSync('python3', ['-c', `const proc = spawn("python3", [BRIDGE_SCRIPT], {