eliteforge-brainstorming
Warn
Audited by Socket on Jun 24, 2026
1 alert found:
AnomalyAnomalyscripts/helper.js
LOWAnomalyLOW
scripts/helper.js
This module behaves like a client-side telemetry/control component: it collects click and choice-related DOM data (including text and identifiers) and transmits it to a WebSocket server, while also allowing server-sent messages to force a page reload. The most notable security concerns are (a) use of unencrypted ws:// transport, (b) avoidable use of innerHTML with concatenated label content (potential XSS if any DOM/dataset values are attacker-influenced), and (c) remote navigation control via WebSocket. No strong indicators of overt malware are present in this snippet, but it warrants review for privacy, transport security, and DOM injection hardening.
Confidence: 70%Severity: 62%
Audit Metadata