Skills
skills/zhongjiaxiong/web-reverse-skill-notes-20260319/web-reverse/Gen Agent Trust Hub

web-reverse

Warn

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script web_replay.js fetches content from a remote URL, extracts a JavaScript payload using regular expressions, and executes it locally using the vm.runInContext method. This allows for the execution of arbitrary code sourced from an external website within the Node.js runtime.
  • [COMMAND_EXECUTION]: The solver.py script utilizes the Playwright library to launch and control a web browser, relying on a hardcoded path to the Google Chrome executable.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the automated downloading and analysis of external resources, including JavaScript bundles and WebAssembly (.wasm) files, from the match.yuanrenxue.cn domain.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 21, 2026, 01:12 AM