Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
- Skill content
const spawnFn = params.spawn ?? ((command, args, options) => spawn(command, args, options));
Google Meet
Security checks across static analysis, malware telemetry, and agentic risk
Overview
No risk analysis has been recorded yet.
Static analysis
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
accessToken: [REDACTED],
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
const clientSecret = [REDACTED]?.trim() || config.oauth.clientSecret;
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
clientSecret: [REDACTED](raw.clientSecret) ?? config.oauth.clientSecret,
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
clientSecret: [REDACTED](oauth.clientSecret) ?? [REDACTED](auth.clientSecret) ?? readEnvString(env, GOOGLE_MEET_CLIENT_SECRET_KEYS),
Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
const accessToken = [REDACTED]?.trim();
VirusTotal
60/60 vendors flagged this plugin as clean.
Risk analysis
No visible risk-analysis findings were reported for this release.