Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dist/mcp-server.js:2295
- Evidence
while ((m = re.exec(text)) !== null) {
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a real n8n operations plugin whose access to n8n workflows, executions, tags, audits, and an n8n API key matches its stated purpose.
If you install this, treat it as giving your agent operational visibility into your n8n instance. Keep enableEdit disabled unless you want the agent to create, modify, retry, cancel, archive, or delete workflows/executions/tags. Use an n8n API key intended for this purpose, point baseUrl only at your real n8n instance, and avoid configuring apiKeyEnv to any unrelated secret. Be aware that execution logs, webhook URLs, and workflow definitions may contain sensitive data.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access
while ((m = re.exec(text)) !== null) {`const proc = spawnSync('node', ['bin/browser-bridge.js', PLATFORM, ACTION], {\n` +const fromEnv = (process.env[config.apiKeyEnv] ?? "").trim();