Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/copy-key.js:32
Security audit
Security checks across malware telemetry and agentic risk
The skill is purpose-built for NewAPI management, but it gives the agent sensitive token-management power and includes an under-contained command execution path.
Install only if you trust the publisher and are comfortable giving this skill NewAPI management access. Prefer exported NEWAPI_* environment variables over project .env files, keep .env files minimal, use apply-token instead of exec-token when possible, and review any exec-token command carefully before it runs.
59/59 vendors flagged this skill as clean.
Detected: suspicious.dangerous_exec