Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dist/src/button-dispatcher.js:853
- Evidence
log(`[dispatcher] exec (dynamic): ${dynamicScript.slice(0, 120)}`);
Security audit
Security checks across malware telemetry and agentic risk
This VK plugin is mostly aligned with channel integration, but it contains undisclosed dynamic shell execution plus extra credential and provider data flows that warrant careful review before installation.
Install only after reviewing or disabling the dynamic command-execution path. If you proceed, use least-privilege VK tokens, keep DM policy on pairing or allowlist, explicitly configure any Groq/ElevenLabs/Mistral features you want, and avoid giving this plugin access to production community management until its command and provider-data boundaries are clear.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access
log(`[dispatcher] exec (dynamic): ${dynamicScript.slice(0, 120)}`);log(`[dispatcher] exec (dynamic): ${dynamicScript.slice(0, 120)}`);const APP_DIR = process.env.APP_DIR || "/opt/myapp";
const apiKey = process.env.ELEVENLABS_API_KEY;
const APP_DIR = process.env.APP_DIR || "/opt/myapp";
const apiKey = process.env.ELEVENLABS_API_KEY;