process-compose-ops
Audited by Socket on Jun 16, 2026
1 alert found:
AnomalyThis module primarily implements legitimate boot auto-start for a bundled local application using Task Scheduler plus a wrapper that sets PATH and optionally loads .env configuration. No explicit malware behaviors (network exfiltration, credential theft, reverse shells, or destructive actions) are present in the shown code. However, it does introduce meaningful security risk due to Windows boot persistence, hidden execution, and -ExecutionPolicy Bypass, combined with weakly validated .env-to-environment injection that can propagate secrets or attacker-controlled values into the launched executable. The main threat is supply-chain/tampering: if the package artifacts or .env/YAML are altered, persistence makes repeated execution likely.