Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- dist/index.js:17
- Evidence
const proc = spawn("python3", [BRIDGE_SCRIPT], {
Security audit
Security checks across malware telemetry and agentic risk
Visible artifacts describe a legitimate local memory plugin, but installing it means the agent can run local Python, save conversation-derived memories, and use them automatically in future sessions.
Install only if you want persistent agent memory. Expect local Python execution, a local YantrikDB database, an encryption key file, and startup hooks that refresh/save memory automatically. Avoid storing secrets unless you have verified encryption and deletion controls work for your setup.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
const proc = spawn("python3", [BRIDGE_SCRIPT], {const result = spawnSync('python3', ['-c', `const proc = spawn("python3", [BRIDGE_SCRIPT], {