obscura
Audited by Socket on May 19, 2026
2 alerts found:
AnomalySecurityFrom the provided fragment (documentation only), there is no concrete evidence of malware behaviors such as credential theft, persistence, or unsolicited external exfiltration. However, the tool is explicitly designed for stealth/anti-fingerprinting and to bypass bot-detection controls while offering a local CDP server and parallel scraping—capabilities that are inherently high-abuse and should be reviewed/controlled accordingly (e.g., restrict targets, monitor outbound traffic, and validate the actual binary/runtime behavior beyond this README).
The skill’s purpose and capabilities are broadly aligned, but its trust model is weak: it requires an unverifiable local browser binary with ad-hoc signing and no notarization. The main concern is supply-chain and operational risk, not confirmed malware; the stealth scraping/CDP features are coherent with the stated purpose but materially increase abuse and prompt-injection exposure.