yao-chatgpt-crawler
Warn
Audited by Socket on Jun 25, 2026
1 alert found:
AnomalyAnomalyscripts/chatgpt_batch_crawl.mjs
LOWAnomalyLOW
scripts/chatgpt_batch_crawl.mjs
No direct in-module malware indicators are visible (no obfuscation, eval/dynamic execution, or network/system-damaging code). The module is nonetheless a security-sensitive orchestrator: it executes a runtime-specified crawler script and passes the entire process.env to the child, while logging unredacted stdout/stderr to disk. If an attacker can influence crawlerScript, question/target inputs, or the child output, this wrapper can enable secret leakage and elevated impact; additionally, resume reuse can propagate tampered prior outputs.
Confidence: 66%Severity: 66%
Audit Metadata