visual-verify

Warn

Audited by Socket on May 7, 2026

1 alert found:

Security: MEDIUM
scripts/dom-assert.mjs

This module is not clearly a self-contained malware payload, but it is security-sensitive by design: it executes attacker-controlled JavaScript in the browser target via CDP Runtime.evaluate (through explicit 'eval' actions and 'custom' assertions) and can navigate to attacker-controlled URLs without validation. If the JSON input or CDP endpoint is not fully trusted, the risk is high because this provides arbitrary code execution in the page context, which can be used for data access or hostile actions.

Confidence: 74%

Severity: 78%

Audit Metadata

Analyzed At: May 7, 2026, 03:13 AM

Package URL: pkg:socket/skills-sh/hixuanxuan%2Fbrowser-automation%2Fvisual-verify%2F@7ac01eb186a1559f740d7aaebc6306b6e432d991