Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/index.js:56
- Evidence
const result = execFileSync(cmd, [name], { encoding: "utf8" }).trim();
Security audit
Security checks across malware telemetry and agentic risk
This plugin is a clearly disclosed, read-only Find My integration that handles sensitive location data and should only be used by the Mac owner for people already sharing with that Apple ID.
Install only if you are comfortable giving the host process Screen Recording access and trusting the separate Homebrew `findmy-cli` binary. Use it on a Mac you control, for people who knowingly share their Find My location with that Apple ID, and avoid enabling it in shared or unattended agent setups where someone else could query friends' locations.
61/61 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec
const result = execFileSync(cmd, [name], { encoding: "utf8" }).trim();* - Spawns via execFile (NOT exec / shell): argv is passed as a token array,