Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
- Skill content
const matches = RELATIVE_JSON_POINTER.exec($data);
Tahcia
Security checks across static analysis, malware telemetry, and agentic risk
Overview
No risk analysis has been recorded yet.
SkillSpector
By NVIDIA
SkillSpector findings are pending for this release.
Static analysis
Dynamic code execution
Critical
- Finding
- Dynamic code execution detected.
- Skill content
const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode);
Env credential access
Critical
- Finding
- Environment variable access combined with network send.
- Skill content
if (!process.env.WS_NO_BUFFER_UTIL) {
VirusTotal
62/62 vendors flagged this plugin as clean.
Risk analysis
No visible risk-analysis findings were reported for this release.