Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/ensure-dist.mjs:19
- Evidence
execSync("npm run build", { cwd: root, stdio: "inherit", shell: true });
Security audit
Security checks across malware telemetry and agentic risk
This skill broadly matches its plan-management purpose, but it can create persistent local AI agents and run background task dispatches from remote prompts without code-enforced approval boundaries.
Install only if you trust the publisher and the plan-system backend. Before using it, inspect the install scripts, use limited-scope API keys, keep Notion/Feishu sync disabled unless needed, and require explicit approval before cloning AI staff or dispatching tasks.
67/67 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec
execSync("npm run build", { cwd: root, stdio: "inherit", shell: true });