browser

Warn

Audited by Socket on Jun 23, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/eval.cjs

This script is a legitimate-sounding developer utility that intentionally sends and executes arbitrary JavaScript in a browser page via the Chrome DevTools Protocol. It contains no direct obfuscation, hardcoded secrets, or built-in exfiltration behavior. However, because it evaluates untrusted input in a browser page context, it poses a significant danger if used with untrusted expressions or in automated environments where input can be controlled by an attacker. Use only with trusted inputs and ensure the DevTools endpoint is not exposed to untrusted networks/processes.

Confidence: 90%Severity: 60%
Audit Metadata
Analyzed At
Jun 23, 2026, 12:31 AM
Package URL
pkg:socket/skills-sh/oldwinter%2Fskills%2Fbrowser%2F@09f2f214d4ab39f015690e3d3da862d00b5f514254838c43d6b2e0ed6ce1003e
Security Audit — socket — browser