Back to plugin

Security audit

Stock Analysis

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis plugin is mostly coherent, but it should be reviewed because crafted stock-symbol input can reach local shell commands.

Install only if you trust the publisher and can tolerate local command-execution risk. Avoid passing untrusted or copied stock symbols into the risk/anomaly tools until the package validates symbols and replaces shell=True string commands with argument arrays.

VirusTotal

64/64 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
index.ts:14
Evidence
const { stdout } = await exec(bin, argv, { maxBuffer: 32 * 1024 * 1024 });

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/setup-python.mjs:13
Evidence
execSync(cmd, { stdio: "pipe", timeout: 300_000 });