Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dist/index.mjs:3959
- Evidence
const match = TRACE_PARENT_REGEX.exec(traceParent);
Security audit
Security checks across malware telemetry and agentic risk
This is a disclosed telemetry plugin, but it can send agent files and optionally chat/tool content externally, and its in-chat controls and privacy wording need careful review before installation.
Install only if you trust the configured Oversee endpoint and understand that agent identity files leave your machine at startup. Keep output capture and readUserData off unless needed, restrict who can run `/oversee capture on`, and verify the publisher clarifies the LLM-output privacy claim before using this in sensitive environments.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal (+1 more)
const match = TRACE_PARENT_REGEX.exec(traceParent);
const processEnv = (0, environment_1.parseEnvironment)(process.env);
privateKey: [REDACTED]
const result = await fs_1.promises.readFile("/etc/hostid", { encoding: "utf8" });