sd-search

Fail

Audited by Socket on Mar 5, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

Functionally, this fragment implements a ScienceDirect search-and-scrape skill that returns paper metadata. The extraction logic is standard and not directly malicious. However, it includes automation-evasion measures (overwriting navigator.webdriver) and a detailed automated bypass for Cloudflare Turnstile using accessibility snapshots and cross-origin iframe clicks. Those behaviors bypass browser protections and anti-bot controls, raising significant policy, legal, and security concerns. While no explicit network exfiltration or credential theft is present in the provided code, the capability to programmatically bypass CAPTCHAs and interact across origins materially increases the risk this skill could be misused for large-scale scraping or unauthorized actions. Recommendation: do not deploy this skill in general-purpose environments without strict safeguards — remove or require explicit user consent per sensitive action, eliminate automation-evasion scripts, and restrict execution to audited, privileged automation contexts with operator oversight.

Confidence: 98%

Audit Metadata

Analyzed At: Mar 5, 2026, 06:48 AM
Package URL: pkg:socket/skills-sh/cookjohn%2Fsd-skills%2Fsd-search%2F@a0076c1529ba0150ee03b9e5f43b6e4929c879d1