Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/index.js:21
- Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT, "--persistent"], {
Security audit
Security checks across malware telemetry and agentic risk
The skill appears to be a local function runner, but it under-declares its runnable code, automatically starts a persistent Python bridge, and contains entrypoint behavior that does not match the KubeFn description.
Install only if you intentionally want a local code-execution function runner. Review the package carefully first, because it can start a persistent Python process and deploy or hot-swap code with your user permissions; no external exfiltration was evident, but the metadata and entrypoint are inconsistent and the execution boundaries are not clearly documented.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
const proc = spawn("python3", [BRIDGE_SCRIPT, "--persistent"], {const proc = spawn("python3", [BRIDGE_SCRIPT, "--persistent"], {