Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/src/cli-auth.js:100
- Evidence
exec(openCmd, (err) => {
Security audit
Security checks across malware telemetry and agentic risk
No artifact-backed suspicious behavior could be confirmed, but the workspace artifacts could not be read in this run.
Treat this as an incomplete review rather than a clean bill of health; review metadata.json and the artifact directory contents before installing.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal
exec(openCmd, (err) => {const iaKey = process.env.INTERACTIVE_AI_KEY || process.env.AI_API_KEY || "";
const relayToken = process.env.PINCLAW_RELAY_TOKEN;
const relayToken = process.env.PINCLAW_RELAY_TOKEN;
authToken: [REDACTED],
const accessToken = [REDACTED];