Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dist/src/utils/secopsai-runner.js:20
- Evidence
const result = execFileSync(secopsExecutable(secopsPath), [...args, "--json"], {
Security audit
Security checks across malware telemetry and agentic risk
The visible plugin matches its stated SecOpsAI triage purpose and does not request unrelated credentials, but it relies on a trusted local SecOpsAI installation that is not declared as a formal requirement.
Before installing, make sure you trust the local SecOpsAI installation at the configured path, because this plugin will execute its secopsai binary. Be cautious about enabling the write-capable tools, especially triage orchestration and apply-action, because they can change local triage state. Confidence is medium because the provided dist/index.js artifact was truncated, so this assessment is based on the visible code and metadata.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
const result = execFileSync(secopsExecutable(secopsPath), [...args, "--json"], {