canghe-danger-gemini-web
Audited by Socket on Feb 24, 2026
2 alerts found:
Anomaly
Security
This module is designed to automate obtaining authenticated Google (Gemini) cookies by launching or attaching to Chrome via the DevTools Protocol, polling for session readiness, and persisting cookies to disk. The code does not contain obvious obfuscated malware, remote command/backdoor behavior, or calls to attacker-controlled endpoints. However, it performs sensitive actions: retrieving and storing authentication cookies and controlling a browser process. That behavior is high-risk from a credential-exposure perspective and could be misused to harvest credentials if used without explicit user consent. Recommend treating this component as sensitive: audit its use, ensure the user knows cookies will be extracted and stored, restrict access to the cookie cache file, and verify provenance of the package before use.
[Skill Scanner] Backtick command substitution detected
All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
This skill implements a reverse-engineered Gemini Web client that relies on browser-based Google authentication and local cookie/profile access, and runs via 'npx -y bun'. The required access to browser cookies/profile and the runtime remote execution pattern (npx) are disproportionate and increase supply-chain and credential-forwarding risk. There is no direct evidence of active malware or obfuscation in the provided documentation, but the combination of cookie reuse, proxy configuration, and runtime package fetching is suspicious and high-risk for credential harvesting or MITM if the implementation or endpoints are malicious or compromised. Recommend manual code review of the scripts/gemini-webapi implementation, verification of exact network endpoints, and avoidance of reusing browser cookies; prefer official OAuth or API keys and pinned, audited dependencies.
LLM verification: The best-presented report (Report 2) provides a coherent, multi-faceted view of the skill’s consent gating, execution model, and data flows, with a balanced assessment of risks. An improved version should emphasize concrete data-flow diagrams, explicit data lifecycle notes (consent.json, cookies, sessions), and explicit assurances about TLS/endpoint trust, plus recommended mitigations for reverse-engineered API usage (license/terms review, endpoint integrity checks). Overall, the skill appears b