Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- index.js:12
- Evidence
const version = execSync(`${bin} --version`, {
Security audit
Security checks across malware telemetry and agentic risk
This plugin appears to do what it claims: it adds browser automation through agent-browser/CDP, without asking for unrelated credentials.
Install this only if you are comfortable letting your agent control a browser and read or interact with pages you open, including authenticated sessions if you connect it to your logged-in Chrome. For safer use, consider using a separate browser profile, limiting domains with AGENT_BROWSER_ALLOWED_DOMAINS, and avoiding CDP access to your main logged-in browser unless you need it.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
const version = execSync(`${bin} --version`, {const version = execSync(`${bin} --version`, {