Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- lib/senses/git.js:27
Security audit
Security checks across malware telemetry and agentic risk
The skill matches its agent-network purpose in many areas, but it also gives the agent broad local file and shell execution powers that are not clearly scoped in the public skill description.
Install only if you intend to run a powerful local agent node that can read and modify files and execute shell commands through its chat tooling. Use an isolated workspace, avoid storing secrets in the runtime environment, do not expose server mode to untrusted networks, keep ALEPH_DEV_NO_AUTH unset, and review seed nodes and data directories before enabling autonomous learning or network sync.
SkillSpector could not complete.
63/63 vendors flagged this skill as clean.
Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.exposed_secret_literal