web-automation-builder
Audited by Socket on Apr 7, 2026
4 alerts found:
Anomalyx2Securityx2This module is an automation recorder that launches local Chrome with remote debugging, injects scripts into pages, collects DOM/navigation/network-derived events, and writes detailed results to disk. In the shown code there is no direct external network exfiltration or obvious malicious logic, but the injection and data-collection capability (via buildInjectionScript() and COLLECT_SCRIPT, not shown) is the highest-risk area and could enable spyware-like behavior depending on what those scripts do. Review ./injector and ./network-monitor carefully to confirm they only capture intended, non-sensitive signals.
该技能的主要能力与“录制并重放浏览器操作”这一目的基本一致,未见明确外传、凭证窃取或恶意安装器,因此不像恶意技能。但其数据采集范围较大,会保存网络请求/响应内容和持久化浏览器认证态,并依赖其他本地 Skill 执行关键能力,整体属于中等风险、偏可疑的自动化技能。
No clear built-in malware/backdoor is visible in this file. However, there is a high-risk command execution primitive in exec() using execSync with user-controlled params.command (shell injection possible). Additionally, install/update perform npm installs in directories derived from user input, which can lead to supply-chain execution via npm lifecycle scripts. The stop() handler also returns raw request/response bodies for Fetch requests, which may expose sensitive data. Overall, this module should be reviewed and hardened (use execFile/spawn with argument arrays, strict allowlists, and validate target/ids).
No clear standalone malware logic is present, but the module has substantial security risk because it delegates to a downstream Playwright runner using execSync with a dynamically interpolated cmd (OS command injection risk) and also generates JavaScript source code from untrusted waitAfter.value for a runCode execution path (code injection risk). Additionally, it persistently mutates workflow.json using caller-provided optimizations, enabling durable attacker-controlled changes to what will be executed in future runs. Treat this as high-risk automation code unless workflow.json, the runner tool.js path, and CLI parameters are strictly trusted and protected.