Just be aware that this will likely never happen. The issue is that our rules are that inspectors cannot alter the system in any way and running an executable can definitely do this. In an action this makes a lot of sense but not in an inspector. Also its possible to run something that hangs and never comes back so thats an issue as well.
I’d rather add inspectors for what is needed, making some things a bit more generic. The executable dscl has been mentioned and as we use that for AD, we have code to inspect the underlying data but not in a generic way.