Gaston's - Video/Image Downloader was reported 2025-06-10 for Disallowed external code
The reporter said:
I ran it through Claude, and It's pretty scary what it found out:
Critical Security Violations 1. Automatic Remote Code Execution (Line 438) Script automatically downloads and executes JavaScript from external GitHub repository without user consent Uses eval() to run fetched code: eval(fetchedScript) Violates: Greasyfork's policy against auto-updating scripts with remote code 2. Code Obfuscation (Lines 1518-1549) Contains heavily obfuscated code with hex identifiers (_0x2c68c3, _0x2dcc16, etc.) Violates: Greasyfork's policy requiring readable, non-obfuscated code 3. Function Hijacking (Lines 801-817) Overrides native document.createElement to intercept user interactions Captures click events and download data without clear disclosure Potential: Data harvesting/tracking 4. Suspicious Network Activity Attempts localhost communication (http://localhost:3000/get-final-url) Extensive cross-origin requests without proper validation Risk: Could communicate with local malware or leak user data 5. Unauthorized Data Collection Uses persistent storage across multiple domains Implements cross-window message passing that could leak sensitive information No clear privacy disclosure Recommendation IMMEDIATE REMOVAL - This script exhibits multiple characteristics of malware and violates Greasyfork's security policies. Users should uninstall immediately and scan their systems. Evidence Locations Remote code execution: Line 438 Obfuscation: Lines 1518-1549 Function hijacking: Lines 801-817 Localhost communication: Lines 580-588 The script poses a significant security risk to users and should be removed from the platform.
This script has had 1 previous upheld or fixed report.
Gaston_ (the reported user) has made:
This report has been upheld by a moderator.
https://cdn.jsdelivr.net/gh/naquangaston/HostedFiles@main/UserScripts/Updater.js