browsing

Warn

Audited by Socket on Apr 15, 2026

1 alert found:

Anomaly: LOW
chrome-ws

No clear evidence of intentional stealth malware (e.g., C2, credential theft, cryptomining, or external exfiltration) is present in this single file. However, it is highly abusable: it provides an “eval”-equivalent primitive via CDP Runtime.evaluate (with multiple commands building code from user inputs) and an additional raw command that can send arbitrary CDP JSON-RPC payloads. It also performs unsanitized local file writes based on a user-supplied filename. If any caller or input (CLI args, target debugging endpoint, or raw payload) can be influenced by an attacker, the security risk is significant.

Confidence: 66%
Severity: 65%

Audit Metadata

Analyzed At: Apr 15, 2026, 05:21 AM
Package URL: pkg:socket/skills-sh/obra%2Fsuperpowers-chrome%2Fbrowsing%2F@39800abe905ff7d3fe5a4204d72f53541bae0307