Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dist/binary.js:21
- Evidence
const output = execSync(`"${binaryPath}" --version`, {
Security audit
Security checks across malware telemetry and agentic risk
The BitRouter integration is coherent for LLM routing, but it can download and run external installer/binary code and handle provider API keys, so it needs review before installation.
Install only if you trust BitRouter, its GitHub releases, and its installer domain. Consider installing the BitRouter binary manually from a verified source, require approval before using the installer or auth/key tools, keep the service bound to localhost, and review which provider API keys are available in your environment or BitRouter .env file.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.potential_exfiltration
const output = execSync(`"${binaryPath}" --version`, {execFile(binaryPath, ["--home-dir", homeDir, ...args], {const child = spawn(command, args, { timeout: timeoutMs });execFile(binaryPath, ["--home-dir", homeDir, ...args], { timeout: timeoutMs }, (err, stdout, stderr) => {const result = spawnSync(binaryPath, ["--home-dir", state.homeDir, "init"], {const child = spawn(binaryPath, ["--home-dir", state.homeDir, "serve"], {const result = spawnSync(binaryPath, ["--home-dir", homeDir, "auth", "login"], { stdio: "inherit" });const output = execSync(`"${binaryPath}" --version`, {execFile(
const child = spawn(command, args, { timeout: timeoutMs });execFile(
const result = spawnSync(
const child = spawn(binaryPath, ["--home-dir", state.homeDir, "serve"], {const result = spawnSync(
process.env.HOME ?? "/tmp",
/**