obscura

Warn

Audited by Socket on May 19, 2026

2 alerts found:

AnomalySecurity
AnomalyLOW
README.md

From the provided fragment (documentation only), there is no concrete evidence of malware behaviors such as credential theft, persistence, or unsolicited external exfiltration. However, the tool is explicitly designed for stealth/anti-fingerprinting and to bypass bot-detection controls while offering a local CDP server and parallel scraping—capabilities that are inherently high-abuse and should be reviewed/controlled accordingly (e.g., restrict targets, monitor outbound traffic, and validate the actual binary/runtime behavior beyond this README).

Confidence: 52%Severity: 63%
SecurityMEDIUM
SKILL.md

The skill’s purpose and capabilities are broadly aligned, but its trust model is weak: it requires an unverifiable local browser binary with ad-hoc signing and no notarization. The main concern is supply-chain and operational risk, not confirmed malware; the stealth scraping/CDP features are coherent with the stated purpose but materially increase abuse and prompt-injection exposure.

Confidence: 81%Severity: 78%
Audit Metadata
Analyzed At
May 19, 2026, 04:43 PM
Package URL
pkg:socket/skills-sh/tdimino%2Fclaude-code-minoan%2Fobscura%2F@e4ffdd795a97f56f19121ae2231844f7ebe5a252
Security Audit — socket — obscura