Back to plugin

Security audit

Spec-Task System

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local structured task-management plugin, and its file access and dependencies mostly match that purpose, with only minor documentation/version inconsistencies.

This plugin appears internally coherent: expect it to create and update local task-management files, archive task history, and inject task context into the agent workflow. Before installing, confirm you are comfortable with it reading project context/identity files and storing or surfacing that context in task config and prompts. The main caveats are documentation/version mismatches and the fact that the provided source listing was partly truncated, so a complete source review would increase confidence.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
test/e2e/schema-driven-cli-runner.mjs:39
Evidence
const child = spawn(cmd, args, { stdio: ["pipe", "pipe", "pipe"] });

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
test/e2e/v030-cli-e2e.test.ts:65
Evidence
const result = execSync(`node --check "${RUNNER_PATH}"`, {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
test/e2e/v030-cli-runner.mjs:33
Evidence
const child = spawn(cmd, args, { stdio: ["pipe", "pipe", "pipe"] });