Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dist/index.js:86
- Evidence
const child = spawn(ombPath, ["--mcp", "--auth-dir", this.authDir], {
Security audit
Security checks across malware telemetry and agentic risk
This skill openly gives an AI agent broad access to your logged-in browser, including the ability to read private pages and interact with websites, but the artifacts do not show strong per-site or per-action safeguards.
Use this only if you intentionally want an AI agent to operate your real logged-in browser. Consider a dedicated browser profile with limited accounts, avoid sensitive pages unless necessary, verify the remote installer and omb CLI, and require manual review before the agent submits forms, sends messages, changes settings, purchases anything, or accesses confidential systems.
67/67 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.install_untrusted_source
const child = spawn(ombPath, ["--mcp", "--auth-dir", this.authDir], {const envPath = process.env.OMB_PATH;
"default": "http://127.0.0.1:8787",
"default": "http://127.0.0.1:8787",