nature-downloader

Warn

Audited by Socket on Jul 5, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/browser_pdf_downloader.mjs

This module is best characterized as a high-capability downloader that uses an authenticated, CDP-controlled browser session to perform credential-including fetches and then persists the retrieved bytes to a user-specified local path in chunks. It does not show classic malware indicators (no C2, no command execution beyond proxyEval, no credential theft logic), but it has substantial misuse potential: it can fetch protected content via existing browser credentials and (with --allow-non-pdf) write arbitrary remote content to disk. The security posture largely depends on the safety/isolation of the CDP proxy/target and the trust model around user-supplied CLI arguments (especially --url and --out).

Confidence: 62%Severity: 60%
Audit Metadata
Analyzed At
Jul 5, 2026, 07:08 AM
Package URL
pkg:socket/skills-sh/Yuan1z0825%2Fnature-skills%2Fnature-downloader%2F@777c91737ec86eebbdf52e3a3273f7dd75924f55e3819b13c43c9fcab20955d5
Security Audit — socket — nature-downloader