Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- main.js:24
Security audit
Security checks across malware telemetry and agentic risk
This skill does what it claims: it fetches the Spanish JW daily text, with a caution that its script uses shell-based curl instead of a safer fetch API.
Install only if you are comfortable with the skill contacting wol.jw.org to fetch the current daily text. The author should preferably replace the execSync curl call with web_fetch or a native HTTP API and document the implementation clearly, but I did not find hidden behavior, credential access, persistence, or exfiltration.
66/66 vendors flagged this skill as clean.
Detected: suspicious.dangerous_exec