teach-web-actions
Warn
Audited by Socket on Jul 8, 2026
1 alert found:
AnomalyAnomalyscripts/run_variant.js
LOWAnomalyLOW
scripts/run_variant.js
The snippet is a Playwright runner that dynamically loads and executes a caller-specified JavaScript module (variantPath) with full Node.js privileges, passing it a Playwright page object. While the wrapper contains no explicit malware or exfiltration logic itself, the dynamic require + execution creates an inherently high-impact arbitrary code execution risk if variantPath is not fully trusted. Caller-controlled outDir and persistent profile usage further expand potential impact through filesystem writes and retained browser state.
Confidence: 68%Severity: 55%
Audit Metadata