Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/engine.js:414
- Evidence
result = execSync(`${PYTHON} ${tmpFile}`, {
Security audit
Security checks across malware telemetry and agentic risk
This looks like a real local context-memory plugin, but it automatically persists and reuses conversation/workspace context and runs Python shell code with hard-coded, under-declared setup.
Install only if you intentionally want an always-on local memory/context plugin. Before using it, review or change the hard-coded database paths, confirm the Python embedding code you are willing to run, and make sure you are comfortable with conversation and workspace details being stored and reused in later agent context.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
result = execSync(`${PYTHON} ${tmpFile}`, {result = execSync(`${PYTHON} ${tmpFile}`, {