oracle

Fail

Audited by Socket on Mar 12, 2026

2 alerts found:

Malware, Anomaly

Malware: HIGH
scripts/refresh_cookies.py

This script programmatically extracts and decrypts Chrome cookies (specifically those matching '%chatgpt%') by reading the Chrome Cookies DB and retrieving the Chrome Safe Storage password from the macOS Keychain. It then validates the session against chatgpt.com and writes decrypted cookies to an on-disk JSON file. The behavior is credential-harvesting and privacy-invasive. Even if intended for legitimate local backup or automation, the code poses a high security risk because it exposes live session tokens and could be trivially repurposed to exfiltrate credentials to an attacker-controlled server. Use of this code in a dependency or package is dangerous without very clear user consent, access controls, and safeguards. Immediate review and caution are recommended.

Confidence: 90%, Severity: 90%

Anomaly: LOW
scripts/run_oracle.py

The script itself is not overtly malicious but presents a moderate-to-high supply chain and data-exfiltration risk because it fetches and runs a third-party npm package at runtime (npx -y) and supplies that package with a path to a local cookies file and a configurable network endpoint. If the npm package or the configured endpoint is malicious or compromised, sensitive data (cookies, tokens) could be read and exfiltrated or arbitrary code executed. Treat usage of this wrapper as high risk where secrets must be protected; apply dependency pinning, validation, and isolation.

Confidence: 75%, Severity: 60%

Audit Metadata

Analyzed At: Mar 12, 2026, 10:37 AM
Package URL: pkg:socket/skills-sh/tobihagemann%2Fturbo%2Foracle%2F@19c42cab4ac5c65065caddcba0f1b227deffe860