Back to plugin

Security audit

Conductor

Security checks across malware telemetry and agentic risk

Overview

This skill appears to run a persistent local Python workflow/event-bus process even though the registry says it is instruction-only with no required binaries, and its exposed behavior does not fully match its description.

Review this skill before installing. It should be treated as a local code-executing workflow/event engine that starts a persistent Python bridge and stores workflow data on disk, not as an instruction-only skill. Install only if you are comfortable with that behavior, verify the source/provenance, and require approval for reset, replay, compaction, or self-healing actions that could change workflow state.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/index.js:21
Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT, "--persistent"], {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/index.ts:42
Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT, "--persistent"], {

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
pipeline_engine/expressions.py:4
Evidence
No eval(), no exec(), no filesystem access.