Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- index.ts:418
- Evidence
const child = spawn(command, args, {
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a legitimate Corev configuration-management plugin, but users should know it runs local code and host-management commands rather than being purely instructional.
This looks internally consistent with a Corev DevOps/config-management plugin. Before installing, treat it as an active code-running plugin: it can execute Corev/local host commands, write a server .env file, start local processes, and use configurable start/stop/create-user commands. Install it only in a trusted working directory, review any hostStartCommand/hostStopCommand values before use, and only allowlist mutating tools like push, revert, checkout, init, or host bootstrap if you intend the agent to make those changes.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal
const child = spawn(command, args, {mockServer = spawn('node', ['tests/mock-api.mjs'], {const {stdout, stderr} = await execFile(command, args, {return asString(params.mongoUri) || asString(pluginConfig.hostMongoUri) || asString(process.env.MONGO_URI);
const runLive = process.env.COREV_LIVE_E2E === '1';
const password = [REDACTED](params);
* Authorization: Bearer [REDACTED]