nature-downloader
Audited by Socket on Jul 5, 2026
1 alert found:
AnomalyThis module is best characterized as a high-capability downloader that uses an authenticated, CDP-controlled browser session to perform credential-including fetches and then persists the retrieved bytes to a user-specified local path in chunks. It does not show classic malware indicators (no C2, no command execution beyond proxyEval, no credential theft logic), but it has substantial misuse potential: it can fetch protected content via existing browser credentials and (with --allow-non-pdf) write arbitrary remote content to disk. The security posture largely depends on the safety/isolation of the CDP proxy/target and the trust model around user-supplied CLI arguments (especially --url and --out).