A An issue in Kap through 3.6.0 on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

There is a tool designed to automate the process of searching for vulnerabilities in electron: https://github.com/r3ggi/electroniz3r

With this tool, we can check if the App is Vulnerable:

After validation, we can inject our code, and get a shell

Enjoy Your Shell :)