Dynamic code execution detected.
Critical
- Code
- suspicious.dynamic_code_execution
- Location
- dist/index.js:323
- Evidence
const fn = new Function(`return (${expr});`);
Security audit
Security checks across malware telemetry and agentic risk
This is a disclosed stealth browser automation plugin with sensitive capabilities, but I found no hidden exfiltration, destructive behavior, or purpose-mismatched code.
Install only if you intentionally want a stealth-capable browser automation plugin. It can persist browsing profiles, export httpOnly cookies from its own sessions, use proxies, run page JavaScript, and interact with challenge pages, so avoid using it with accounts or sites where session cookies or automated actions would create unacceptable risk.
65/65 vendors flagged this plugin as clean.
Detected: suspicious.dynamic_code_execution
const fn = new Function(`return (${expr});`);const fn = new Function(`return (${expr});`);