cad-explorer
Warn
Audited by Socket on May 13, 2026
1 alert found:
Anomaly (LOW)
scripts/explorer/lib/urdf/moveit2ServerClient.js
No strong indicators of intentional malware/backdoor behavior are present in this fragment (no code execution primitives, no persistence, no direct secret theft). The primary risk is configuration-abuse: when enabled, the WebSocket destination can be overridden by a user-controlled query parameter and the default enablement may activate outside intended dev-only contexts. Remote responses are lightly validated and directly resolve/reject caller Promises, so a redirected endpoint could manipulate application behavior by controlling results/errors. Overall: moderate security risk concentrated on network redirection and integrity of returned data; low direct malware likelihood.
Confidence: 66%
Severity: 60%
Audit Metadata