Back to plugin

Security audit

Find My

Security checks across malware telemetry and agentic risk

Overview

This plugin is a clearly disclosed, read-only Find My integration that handles sensitive location data and should only be used by the Mac owner for people already sharing with that Apple ID.

Install only if you are comfortable giving the host process Screen Recording access and trusting the separate Homebrew `findmy-cli` binary. Use it on a Mac you control, for people who knowingly share their Find My location with that Apple ID, and avoid enabling it in shared or unattended agent setups where someone else could query friends' locations.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/index.js:56
Evidence
const result = execFileSync(cmd, [name], { encoding: "utf8" }).trim();

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/index.ts:9
Evidence
* - Spawns via execFile (NOT exec / shell): argv is passed as a token array,