yao-chatgpt-crawler

Warn

Audited by Socket on Jun 25, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/chatgpt_batch_crawl.mjs

No direct in-module malware indicators are visible (no obfuscation, eval/dynamic execution, or network/system-damaging code). The module is nonetheless a security-sensitive orchestrator: it executes a runtime-specified crawler script and passes the entire process.env to the child, while logging unredacted stdout/stderr to disk. If an attacker can influence crawlerScript, question/target inputs, or the child output, this wrapper can enable secret leakage and elevated impact; additionally, resume reuse can propagate tampered prior outputs.

Confidence: 66%Severity: 66%
Audit Metadata
Analyzed At
Jun 25, 2026, 12:28 PM
Package URL
pkg:socket/skills-sh/yaojingang%2Fyao-geo-skills%2Fyao-chatgpt-crawler%2F@60f57966bc3cb24b3e3075f7c87de1c1ba024e26011119cbc9c35da2466f073d
Security Audit — socket — yao-chatgpt-crawler