looker-dev

No direct malicious payload is evident in this wrapper alone. However, it conditionally loads a local '../../../.env' and forwards all (non-empty) environment values to a spawned npx-installed dependency, while also passing arbitrary CLI arguments to that invoked tool. This creates a meaningful supply-chain and secret-exposure risk; the exact threat level depends on the behavior of @toolbox-sdk/server and how it handles forwarded env/arguments.

No explicit malicious code is present in this wrapper. The main security concern is supply-chain and secret-exposure risk: it executes an external npm package/tool via npx (runtime resolution/execution) and forwards nearly all environment variables, with optional merging of a local .env file, directly to that executed process. User-provided CLI arguments are also passed through with minimal validation, so the invoked tool’s behavior and its handling of secrets/arguments should be treated as a primary review target.

No explicit malware/backdoor behavior is evident in this file. The main security concern is operational: it executes a third-party toolbox tool at runtime via npx and passes a broadly populated environment that may include secrets read from a local .env file (when GEMINI_CLI is set) and mapped CLAUDE_PLUGIN_OPTION_* variables. It also inherits stdio, potentially exposing sensitive output in logs. Treat as a moderate supply-chain/secret-exposure risk until the invoked tool’s handling of env/arguments is verified and secret propagation is allowlisted or minimized.

No explicit malicious payload is present in this wrapper code. However, it conditionally loads a local .env file and forwards a broad set of environment variables (including those likely to contain credentials/config) to an external npx-invoked dependency. Because the dependency is executed at runtime and receives inherited stdio, the main security concern is supply-chain/runtime execution risk and potential secret exposure if the invoked package logs or transmits environment data.

No overt malware behavior is present in this wrapper itself; it mainly orchestrates configuration and delegates execution to an external npx-invoked package. The primary security concerns are (1) supply-chain/execution risk inherent to running a third-party dependency via npx at runtime, (2) conditional loading and forwarding of local ../../../.env contents into the child’s environment, and (3) forwarding user-provided CLI arguments and nearly all environment variables to that dependency, increasing the blast radius if the dependency behaves unexpectedly or is compromised.

No overt malicious code is visible in this wrapper module; it primarily launches an external dependency. The dominant security risks are supply-chain/runtime execution via npx of @toolbox-sdk/server@1.1.0 and potential secret exposure because it loads a local .env file and passes those values directly to the spawned child process. Review the invoked tool’s handling of environment variables and CLI arguments, and restrict/avoid loading .env contents in untrusted contexts.

This module is a Node.js CLI wrapper that conditionally reads a local .env file and merges environment variables, then executes an external npm tool via npx (@toolbox-sdk/server@1.1.0) with user-provided arguments while forwarding a broad environment to the child process. There is no direct evidence of overt malware in this snippet (no eval, no network calls, no file writes), but the broad env forwarding and loading of local .env create a meaningful risk of sensitive data exposure and an execution/supply-chain impact surface because it runs third-party code with those secrets.

No direct malicious payload is visible in this wrapper, but it meaningfully increases risk by (1) delegating a destructive action to an external tool named "delete_project_file" executed via npx, (2) optionally loading a local .env file and forwarding its contents into the child process environment, and (3) forwarding arbitrary user CLI arguments without validation—factors that could lead to credential exposure and unintended destructive behavior depending on the invoked tool’s implementation.

This file is not overtly malicious by itself; it primarily acts as an environment-preparing launcher. However, it creates a meaningful supply-chain/execution risk by invoking a third-party package via npx and provides that tool with broad environment variables, including values loaded from a local '../../../.env' when GEMINI_CLI==='1'. On Windows it also runs the spawn call with shell:true, slightly increasing the command parsing/interpretation risk surface. Overall: moderate security risk concentrated in secret exposure and delegated execution rather than direct malware in this snippet.

No direct evidence of malicious payload behavior (e.g., obfuscation, credential theft logic, exfiltration, backdoors) is present in this module. However, the code is a launcher that executes a third-party package/tool via npx and broadly forwards environment variables to that subprocess. In GEMINI_CLI mode it also reads a local ../../../.env and injects its contents into the spawned environment, creating a meaningful risk of secret exposure (especially if the invoked tool logs environment variables) and a moderate supply-chain/runtime risk due to npx execution.

No explicit malware is visible in this wrapper itself, but it dynamically executes an external npm package via `npx` and forwards environment data—including values loaded from a local `.env`—into that package’s runtime. This creates significant supply-chain and secret-handling risk. Recommend reviewing the behavior of `@toolbox-sdk/server` and the `get_connections` tool, and limiting/allowlisting which environment variables (especially secrets) are passed to the child process.

No clear indicators of direct malware are present in this wrapper. However, it creates a meaningful supply-chain and secret-propagation risk: it executes an external npm package via npx and forwards a broadly populated environment (including values parsed from a local .env file when GEMINI_CLI is enabled) to the invoked subprocess with inherited stdio. This should be reviewed/controlled by ensuring the invoked package/tool is trusted and that the .env contents and forwarded env do not contain unnecessary secrets.

No direct malicious payload is evident in this module. However, it dynamically executes a third-party tool via npx (@toolbox-sdk/server@1.1.0) and forwards both user-supplied CLI arguments and a potentially secret-containing environment (including a local ../../../.env when GEMINI_CLI===1) to that executed process. On Windows, shell:true further increases the importance of robust argument handling. Security impact therefore depends heavily on the downstream tool/package behavior and how the .env is populated; treat it as a moderate supply-chain/secret-propagation risk rather than clear in-module malware.

This file is a runtime command wrapper rather than a direct malware implementation, with no clear in-file indicators of backdoor behavior. The meaningful security concerns are (1) executing `@toolbox-sdk/server@1.1.0` via npx at runtime (supply-chain/execution-time risk), and (2) merging a local `.env` file (and nearly all existing environment variables) into the child environment forwarded to that tool (potential secret exposure depending on downstream handling).

This module is a thin execution wrapper that runs an external toolbox SDK via npx to invoke a tool named "delete_git_branch". The wrapper itself contains no obvious in-file malware primitives, but it introduces medium operational/supply-chain risk by (1) executing third-party code at runtime with stdio inherited, (2) forwarding arbitrary CLI arguments to the invoked tool, and (3) conditionally importing local '../../../.env' values into the environment passed to the subprocess (increasing the chance of sensitive configuration being available to the tool). Review the invoked @toolbox-sdk/server implementation and the semantics of forwarded arguments/environment for safety; treat the package as requiring scrutiny before use in sensitive environments.

This module is a subprocess launcher. Its primary security concern is that it may load and forward sensitive data from a local .env file (when GEMINI_CLI==='1') and then execute an external package via npx (@toolbox-sdk/server@1.1.0), forwarding both the merged environment and arbitrary user CLI arguments to the invoked tool. While the wrapper itself shows no explicit malware/exfiltration code, the combination of dynamic execution and unfiltered secret/config propagation creates a moderate supply-chain/runtime risk that should be reviewed in conjunction with the behavior of the invoked tool and how .env/CLI inputs are controlled.

This file is a high-impact launcher that executes a pinned external package via npx to invoke a tool explicitly named "delete_project_directory". While it contains no obvious in-module malware logic, it materially increases risk by (1) performing destructive behavior via delegated tooling and (2) conditionally loading secrets from a local ../../../.env and forwarding them to the spawned process, and (3) allowing user-controlled CLI arguments to be passed through to the deletion tool. Treat as a security-relevant supply-chain/destructive-action wrapper and review/audit the invoked @toolbox-sdk/server behavior and argument/path handling; also minimize secret exposure in the environment passed to the child.