haizei-cyberpunk-terminal-ppt
Warn
Audited by Socket on Jul 7, 2026
1 alert found:
AnomalyAnomalyscripts/render-ppt.mjs
LOWAnomalyLOW
scripts/render-ppt.mjs
No explicit signs of embedded malware (e.g., stealer/backdoor/exfiltration) are visible in this module. However, the script has meaningful security risk in practice: it executes automation against an attacker-supplied URL in a headless browser launched with '--no-sandbox' and it writes raw untrusted remote outerHTML directly to local HTML files without sanitization. Additionally, user-controlled '--browser' and '--out' increase operational blast radius (arbitrary binary selection and potential unintended filesystem writes if paths are not constrained).
Confidence: 62%Severity: 52%
Audit Metadata