Loading npm security reports…
In-repo ticket management system with CLI and web interface
An explicitly started MCP server exposes shell command injection through tool arguments. No install-time execution or confirmed exfiltration is present.
`dist/mcp/server.js` builds a shell command from MCP arguments and calls `child_process.exec`.
dist/mcp/server.jsView on unpkg`dist/mcp/server.js` builds a shell command from MCP arguments and calls `child_process.exec`.
dist/mcp/server.jsView on unpkg