Security audit

Ai4Scholar

Security checks across malware telemetry and agentic risk

Overview

This academic search plugin mostly matches its description, but it declares silent default auto-updates and sends research inputs to ai4scholar.net.

Review and preferably disable the autoUpdate setting before installing. Use a dedicated ai4scholar.net API key, avoid submitting confidential manuscripts or figures unless you trust the provider, and ask the publisher to clarify or remove the silent updater and compiled Python cache artifacts.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

Static analysis

Detected: suspicious.dynamic_code_execution, suspicious.env_credential_access, suspicious.obfuscated_code

Dynamic code execution detected.

Severity: Critical
Code: suspicious.dynamic_code_execution
Location: dist/index.js:6024
Evidence: return new Function(""), !0;

Environment variable access combined with network send.

Severity: Critical
Code: suspicious.env_credential_access
Location: dist/index.js:24924
Evidence: process.env.HOME ?? "~",

Potential obfuscated payload detected.

Severity: Warn
Code: suspicious.obfuscated_code
Location: dist/index.js:6200
Evidence: return Uint8Array.fromBase64 ? Uint8Array.fromBase64(str) : stringToBytes(atob(str));