Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/build.mjs:13
- Evidence
const child = spawn(
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a real Obsidian-vault knowledge-base runtime, and its file access fits that purpose.
This looks internally coherent. If you install it, expect it to read raw files and write wiki/state files inside the vault root you configure. Be careful not to point vaultRoot at a broader directory than intended. If you use its generated MCP/npx setup commands, consider pinning the npm package version instead of using @latest if you want reproducible behavior.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
const child = spawn(