Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/mcp-client.cjs:28993
- Evidence
const matches = RELATIVE_JSON_POINTER.exec($data);
Security audit
Security checks across malware telemetry and agentic risk
This TikTok research bridge mostly does what it advertises, but it starts a persistent local service tied to a logged-in browser session and exposes under-protected local control endpoints.
Install only if you are comfortable letting a local Node service communicate with a Chrome extension connected to your logged-in TikTok session. Use a dedicated save directory, review or delete saved JSON results, avoid shared machines for sensitive research, and be aware that other local processes may be able to reach the service while it is running.
63/63 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution
const matches = RELATIVE_JSON_POINTER.exec($data);
const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode);