domain-mask

Warn

Audited by Socket on Jul 7, 2026

1 alert found:

Security
SecurityMEDIUM
scripts/domain-mask.mjs

This module is best characterized as a powerful local domain-masking HTTPS reverse proxy. While it does not show covert malware behavior (no obvious data theft/backdoor/exfiltration), it performs high-impact system and trust manipulation: edits /etc/hosts, generates a trusted mkcert certificate for a user-supplied hostname, proxies arbitrary requests to an arbitrary upstream, rewrites redirects to preserve the masked domain, and strips HSTS. These capabilities make it potentially dangerous for impersonation/phishing or inadvertent interception, especially when mkcert trust is enabled in the environment.

Confidence: 72%Severity: 78%
Audit Metadata
Analyzed At
Jul 7, 2026, 09:03 AM
Package URL
pkg:socket/skills-sh/adobe%2Fskills%2Fdomain-mask%2F@1696097cc5b7dd11c7c7a97112e583d0e8df08d8cd4ef2cb6cbe51d3f2cf3284
Security Audit — socket — domain-mask