Security concern

[TuncTaylan]

Hi everyone,

There is this part in the oh-my-posh debug messages I'm concerned about:

...
[DEBUG] 13:23:55.015 ytm.go:setStatus:65 ↓
    GET /query HTTP/1.1
    Host: 127.0.0.1:9863
    User-Agent: Go-http-client/1.1
    Accept-Encoding: gzip

...
[ERROR] 13:23:55.017 ytm.go:setStatus:65 → Get "http://127.0.0.1:9863/query": dial tcp 127.0.0.1:9863: connectex: No connection could be made because the target machine actively refused it.
[TRACE] 13:23:55.017 ytm.go:setStatus(http://127.0.0.1:9863/query) - 3.1241ms
...

What service should be running on port 9863 and why is this call made?
What is this about?

A search for this port yields something about a Backdoor.Win32.PsyRat.b, which is also concerning:
https://www.speedguide.net/port.php?port=9863

Edit: I'm guessing from this:
https://github.com/search?q=repo%3AJanDeDobbeleer%2Foh-my-posh%209863&type=code
that it is about this:
https://github.com/ytmdesktop/ytmdesktop

Shouldn't it just be checked before making the api call, if those addon is installed?

[JanDeDobbeleer]

You added the YTMD segment to your configuration. Nothing weird about that. Don't add that segment if you don't use YTMD, we don't check for installed application as that's more expensive than doing the call.

[TuncTaylan]

Well not quite true. I just used one of the preinstalled themes (yours precisely) and didn't do any configuration further.

[JanDeDobbeleer]

Sure, but still part of the config so to be expected. It's definitely not a security concern, but by design.