Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- .compare-approved-tarball/package/dist/compiler/compiler-process.js:25
- Evidence
const child = spawn(invocation.command, invocation.args, {
Security audit
Security checks across malware telemetry and agentic risk
The plugin is not clearly malicious, but it exposes local process execution and file-writing bridge features more broadly than its public safety description suggests.
Install only if you specifically need this UMG compiler-bridge workflow. Keep bridge and relation-matrix write features gated, restrict compilerCliPath and outputDir to trusted locations, and treat the plugin as capable of local process execution despite the benign inspection-focused framing.
62/62 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec
const child = spawn(invocation.command, invocation.args, {const child = spawn(invocation.command, invocation.args, {const child = spawn(invocation.command, invocation.args, {const child = spawn(invocation.command, invocation.args, {