1c-web-session

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The package is primarily an automation toolkit, but it contains a high-risk remote-code-execution vector: it reads arbitrary JavaScript from the clipboard and (via eval) executes it in the runner context (with access to the Playwright page and Node fs/network), combined with clipboard manipulation and filesystem I/O — this enables credential theft, data exfiltration and arbitrary host actions if an attacker can place code into the clipboard or trick an operator into running a crafted clipboard payload.