Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/security-audit-selftest.mjs:152
- Evidence
const child = spawn(process.execPath, args, {
Security audit
Security checks across malware telemetry and agentic risk
This package is a defensive security-audit plugin whose local scanning, report writing, and authorized web checks match its stated purpose.
Install only if you want an agent-assisted security audit workflow. Use active or standard website modes only on systems you own or are explicitly authorized to test, and prefer an isolated workspace when auditing untrusted code because the tool may read project files and invoke installed local scanner tools.
65/65 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec, suspicious.env_credential_access
const child = spawn(process.execPath, args, {const match = rule.matcher.exec(lines[index]);
process.env.SECURITY_AUDIT_TOOLS_DIR