page-reduce

Warn

Audited by Socket on Jul 7, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/page-reduce-bundle.js

No clear indicators of classic malware (no eval/dynamic execution, no network activity/exfiltration, no credential theft). However, the module is highly intrusive and can destructively alter the host page in reduce mode (media replacement with generated blob URLs, stripping/removing content and attributes, tokenizing/rewriting markup) and it monkey-patches console logging globally. It also exposes a global content extraction primitive (window.__reduceForSkill) that returns tokenized representations and metadata, which can be privacy/security sensitive depending on who consumes it. Overall, treat as a high-integrity/availability and data-extraction risk rather than confirmed malware.

Confidence: 63%Severity: 66%
Audit Metadata
Analyzed At
Jul 7, 2026, 09:03 AM
Package URL
pkg:socket/skills-sh/adobe%2Fskills%2Fpage-reduce%2F@a5cb9c857d684e82001ea6ade3ae919a219203c267bb9be19d123cad83671c47
Security Audit — socket — page-reduce