Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- index.ts:14
- Evidence
const { stdout } = await exec(bin, argv, { maxBuffer: 32 * 1024 * 1024 });
Security audit
Security checks across malware telemetry and agentic risk
This stock-analysis plugin is mostly coherent, but it should be reviewed because crafted stock-symbol input can reach local shell commands.
Install only if you trust the publisher and can tolerate local command-execution risk. Avoid passing untrusted or copied stock symbols into the risk/anomaly tools until the package validates symbols and replaces shell=True string commands with argument arrays.
64/64 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec
const { stdout } = await exec(bin, argv, { maxBuffer: 32 * 1024 * 1024 });execSync(cmd, { stdio: "pipe", timeout: 300_000 });