Back to plugin

Security audit

Quarantine

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as a command sandbox, but its main extension looks like an event-bus plugin and starts a persistent Python helper automatically, so it needs manual review before installation.

Review this skill manually before installing. Confirm why the main extension contains event-bus APIs, verify the Python bridge source, and only use it in a disposable workspace until its runtime dependency, process lifecycle, file-apply scope, and approval model are clearly documented.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/index.js:21
Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT, "--persistent"], {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/index.ts:42
Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT, "--persistent"], {