cors-policy-validator

SUSPICIOUS: the stated purpose is benign and narrowly scoped, but the actual permission footprint is broader than needed because Bash(npm:*) enables arbitrary package installation and code execution without any pinned dependency or documented necessity. No direct credential theft or exfiltration is present, so this is not malicious, but it is over-permissioned for its purpose.