browser-tools

Warn

Audited by Socket on Mar 30, 2026

2 alerts found:

Anomaly x2

Anomaly LOW
scripts/evaluate.js

No explicit malware/persistence/exfiltration logic is present in this snippet, but the module is a high-impact eval-like primitive: it runs fully user-supplied JavaScript inside an existing browser page using AsyncFunction construction and page.evaluate, then outputs the result to stdout/JSON. If used with attacker-controlled expressions and/or attacker-controlled browser targets, it can be used to read and return sensitive page data and manipulate page state. Treat as a security-sensitive debugging/automation tool and restrict who/what can supply the expression and connection target.

Confidence: 74%
Severity: 64%

Anomaly LOW
scripts/cookies.js

This module is best characterized as sensitive cookie management tooling that is inherently capable of credential/session compromise. It does not exhibit classic malware indicators (no obfuscation, no eval/Function, no covert outbound network exfiltration), but it can export cookie values to stdout/files and import cookie values back into a live browser via CDP, and it can delete cookies with potentially overbroad substring domain matching. Treat it as high-risk operational tooling and ensure strong controls around who can run it, which browser endpoint it connects to, and where import/export files are stored.

Confidence: 72%
Severity: 67%

Audit Metadata

Analyzed At: Mar 30, 2026, 02:22 AM
Package URL: pkg:socket/skills-sh/whamp%2Fwhamp-claude-tools%2Fbrowser-tools%2F@f7888eb81a0ca27dfe7e25fbbc5eb86bcc7ac212