agent-testing
Audited by Socket on Jun 19, 2026
3 alerts found:
SecurityAnomalyx2This file is a probing/diagnostic CLI that orchestrates powerful actions: it spawns a configurable browser/debug endpoint and injects dynamically bundled JavaScript into it via CDP 'eval' over stdin, then captures probe output and persists it as JSON dumps. The fragment does not show explicit malware, exfiltration, or credential theft by itself, but the CDP eval injection capability and the intent to intercept WebSocket/fetch traffic make the overall security posture moderately risky, primarily for privacy/retention and potential abuse if the bundled probe/analyzer scripts are malicious or overly permissive. Review the unseen probe-events.ts/probe-dump.ts/analyze-events.ts for collection scope, redaction, and any external communications.
This code installs a browser-side probing/telemetry mechanism that repeatedly samples internal chat store state and DOM text, computes metrics and per-message summaries, and stores them in global __PROBE_SAMPLES/__PROBE_EVENTS. It also exposes global functions to click chat UI tabs. No direct network exfiltration is present in the snippet, but the collected global data could be read and transmitted by other parts of the supply chain. Overall, it is suspicious primarily due to continuous high-frequency data harvesting of chat/DOM state and covert automation hooks.