Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- index.js:51
- Evidence
const child = spawn("python", args, {
Security audit
Security checks across malware telemetry and agentic risk
This skill appears aligned with its stated purpose, but it runs a local Python helper and sends your BrowserAct API key and search requests to BrowserAct.
Before installing, make sure you trust BrowserAct, are comfortable sending Amazon search parameters to its API, and understand that your BrowserAct API key may be used to run tasks and consume quota. Keep page counts modest unless you intend a larger scrape.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
const child = spawn("python", args, {