Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- test/e2e/schema-driven-cli-runner.mjs:39
- Evidence
const child = spawn(cmd, args, { stdio: ["pipe", "pipe", "pipe"] });
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a local structured task-management plugin, and its file access and dependencies mostly match that purpose, with only minor documentation/version inconsistencies.
This plugin appears internally coherent: expect it to create and update local task-management files, archive task history, and inject task context into the agent workflow. Before installing, confirm you are comfortable with it reading project context/identity files and storing or surfacing that context in task config and prompts. The main caveats are documentation/version mismatches and the fact that the provided source listing was partly truncated, so a complete source review would increase confidence.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
const child = spawn(cmd, args, { stdio: ["pipe", "pipe", "pipe"] });const result = execSync(`node --check "${RUNNER_PATH}"`, {const child = spawn(cmd, args, { stdio: ["pipe", "pipe", "pipe"] });