critical
suspicious.dangerous_exec
- Location
- bin/codexinfo-hook.js:299
- Finding
- Shell command execution detected (child_process).
- Evidence
proc = spawn(codexBin, ["app-server"], { stdio: ["pipe", "pipe", "ignore"] });
CodexInfo
AdvisoryAudited by Static analysis on May 14, 2026.
Overview
Detected: suspicious.dangerous_exec
Findings (8)
critical
suspicious.dangerous_exec
- Location
- bin/codexinfo.js:81
- Finding
- Shell command execution detected (child_process).
- Evidence
const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });
critical
suspicious.dangerous_exec
- Location
- dist/cli/doctor.js:53
- Finding
- Shell command execution detected (child_process).
- Evidence
const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });
critical
suspicious.dangerous_exec
- Location
- dist/cli/setup.js:31
- Finding
- Shell command execution detected (child_process).
- Evidence
const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });
critical
suspicious.dangerous_exec
- Location
- dist/rate-limit.js:96
- Finding
- Shell command execution detected (child_process).
- Evidence
proc = spawn(codexBin, ["app-server"], {
critical
suspicious.dangerous_exec
- Location
- src/cli/doctor.ts:61
- Finding
- Shell command execution detected (child_process).
- Evidence
const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });
critical
suspicious.dangerous_exec
- Location
- src/cli/setup.ts:38
- Finding
- Shell command execution detected (child_process).
- Evidence
const { stdout } = await execFile("codex", ["--version"], { timeout: 5000, shell: true });
critical
suspicious.dangerous_exec
- Location
- src/rate-limit.ts:111
- Finding
- Shell command execution detected (child_process).
- Evidence
proc = spawn(codexBin, ["app-server"], {