Back to plugin

Security audit

KubeFn Lite

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a local function runner, but it under-declares its runnable code, automatically starts a persistent Python bridge, and contains entrypoint behavior that does not match the KubeFn description.

Install only if you intentionally want a local code-execution function runner. Review the package carefully first, because it can start a persistent Python process and deploy or hot-swap code with your user permissions; no external exfiltration was evident, but the metadata and entrypoint are inconsistent and the execution boundaries are not clearly documented.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/index.js:21
Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT, "--persistent"], {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/index.ts:42
Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT, "--persistent"], {