Drission Sota Toolkit

Pass

Audited by VirusTotal on May 14, 2026.

Findings (1)

The toolkit provides high-risk browser automation and network relaying capabilities, including raw CDP (Chrome DevTools Protocol) takeover (force_takeover.py) and a local TCP tunnel (python_relay.py). While the bundle includes elaborate 'security gating' mechanisms like Unix Domain Socket handshakes (sota_core.py) and physical lockfiles to prevent unauthorized autonomous execution, the ability to inject low-level drivers and bypass bot detection via impersonation (ultra_experiment.py) represents a significant attack surface. No evidence of intentional data exfiltration or backdoors was found, but the 'nuclear' capabilities and bypass techniques warrant a suspicious classification.