diff --git a/extensions/matrix/src/matrix/client/logging.ts b/extensions/matrix/src/matrix/client/logging.ts
index 22007fbc4ed..9e03989312c 100644
--- a/extensions/matrix/src/matrix/client/logging.ts
+++ b/extensions/matrix/src/matrix/client/logging.ts
@@ -5,6 +5,8 @@ let matrixSdkLoggingConfigured = false;
 let matrixSdkLogMode: "default" | "quiet" = "default";
 const matrixSdkBaseLogger = new ConsoleLogger();
 
+type MatrixLogMethod = "trace" | "debug" | "info" | "warn" | "error";
+
 type MatrixJsSdkLogger = {
   trace: (...messageOrObject: unknown[]) => void;
   debug: (...messageOrObject: unknown[]) => void;
@@ -25,6 +27,14 @@ type MatrixJsSdkLoglevelLogger = MatrixJsSdkLogger & {
   setLevel?: (level: number | string, persist?: boolean) => void;
 };
 
+const quietMatrixSdkLogger = {
+  trace: () => {},
+  debug: () => {},
+  info: () => {},
+  warn: () => {},
+  error: () => {},
+};
+
 export function ensureMatrixSdkLoggingConfigured(): void {
   if (!matrixSdkLoggingConfigured) {
     matrixSdkLoggingConfigured = true;
@@ -60,35 +70,37 @@ function shouldSuppressMatrixHttpNotFound(module: string, messageOrObject: unkno
   });
 }
 
+function writeMatrixSdkLog(
+  method: MatrixLogMethod,
+  module: string,
+  messageOrObject: unknown[],
+): void {
+  matrixSdkBaseLogger[method](module, ...messageOrObject);
+}
+
 function applyMatrixSdkLogger(): void {
   if (matrixSdkLogMode === "quiet") {
-    LogService.setLogger({
-      trace: () => {},
-      debug: () => {},
-      info: () => {},
-      warn: () => {},
-      error: () => {},
-    });
+    LogService.setLogger(quietMatrixSdkLogger);
     applyMatrixJsSdkLogger();
     return;
   }
 
   LogService.setLogger({
-    trace: (module, ...messageOrObject) => matrixSdkBaseLogger.trace(module, ...messageOrObject),
-    debug: (module, ...messageOrObject) => matrixSdkBaseLogger.debug(module, ...messageOrObject),
-    info: (module, ...messageOrObject) => matrixSdkBaseLogger.info(module, ...messageOrObject),
-    warn: (module, ...messageOrObject) => matrixSdkBaseLogger.warn(module, ...messageOrObject),
+    trace: (module, ...messageOrObject) => writeMatrixSdkLog("trace", module, messageOrObject),
+    debug: (module, ...messageOrObject) => writeMatrixSdkLog("debug", module, messageOrObject),
+    info: (module, ...messageOrObject) => writeMatrixSdkLog("info", module, messageOrObject),
+    warn: (module, ...messageOrObject) => writeMatrixSdkLog("warn", module, messageOrObject),
     error: (module, ...messageOrObject) => {
       if (shouldSuppressMatrixHttpNotFound(module, messageOrObject)) {
         return;
       }
-      matrixSdkBaseLogger.error(module, ...messageOrObject);
+      writeMatrixSdkLog("error", module, messageOrObject);
     },
   });
   applyMatrixJsSdkLogger();
 }
 
-function normalizeMatrixJsSdkLogMethod(methodName: string): keyof ConsoleLogger {
+function normalizeMatrixJsSdkLogMethod(methodName: string): MatrixLogMethod {
   if (methodName === "trace" || methodName === "debug" || methodName === "info") {
     return methodName;
   }
@@ -114,10 +126,7 @@ function applyMatrixJsSdkLogger(): void {
       if (method === "error" && shouldSuppressMatrixHttpNotFound(module, messageOrObject)) {
         return;
       }
-      (matrixSdkBaseLogger[method] as (module: string, ...args: unknown[]) => void)(
-        module,
-        ...messageOrObject,
-      );
+      writeMatrixSdkLog(method, module, messageOrObject);
     };
   };
   logger.setLevel?.(logger.levels?.DEBUG ?? "debug", false);
@@ -125,14 +134,11 @@ function applyMatrixJsSdkLogger(): void {
 }
 
 function createMatrixJsSdkLoggerInstance(prefix: string): MatrixJsSdkLogger {
-  const log = (method: keyof ConsoleLogger, ...messageOrObject: unknown[]): void => {
+  const log = (method: MatrixLogMethod, ...messageOrObject: unknown[]): void => {
     if (matrixSdkLogMode === "quiet") {
       return;
     }
-    (matrixSdkBaseLogger[method] as (module: string, ...args: unknown[]) => void)(
-      prefix,
-      ...messageOrObject,
-    );
+    writeMatrixSdkLog(method, prefix, messageOrObject);
   };
 
   return {
diff --git a/src/security/skill-scanner.ts b/src/security/skill-scanner.ts
index 0172817fab4..8ea6adf69bb 100644
--- a/src/security/skill-scanner.ts
+++ b/src/security/skill-scanner.ts
@@ -216,10 +216,7 @@ function truncateEvidence(evidence: string, maxLen = 120): string {
   return `${evidence.slice(0, maxLen)}…`;
 }
 
-function isAllowedDangerousExecEvidence(rule: LineRule, line: string): boolean {
-  if (rule.ruleId !== "dangerous-exec") {
-    return false;
-  }
+function isAllowedNodeSelfReexec(line: string): boolean {
   // Spawning the current Node executable with an argv array is not shell
   // execution. Keep direct shell/process launches blocked below.
   return /\bspawn\s*\(\s*process\.execPath\s*,/.test(line);
@@ -247,7 +244,7 @@ export function scanSource(source: string, filePath: string): SkillScanFinding[]
       if (!match) {
         continue;
       }
-      if (isAllowedDangerousExecEvidence(rule, line)) {
+      if (rule.ruleId === "dangerous-exec" && isAllowedNodeSelfReexec(line)) {
         continue;
       }