Cloaked headless browser for AI agents — stealth TLS, smart extraction, SPA fallback
Drift inferred · capture-to-capture
- HIGH code analysis flagged dynamic code execution in KultMember6Banger/kloakt
transport stdio · http
verified
reported
listed in the official MCP registry counts 0 tools · 0 res
· 0 prompts
permission surface via code analysis
no tools enumerated yet for this server.
prompt-surface
shipped agent-instruction files + hidden-content / dangerous-code findings —
quoted from the analyzed source
analyzed commit 7b03413 · analyzer v17 · 3d ago
skills & prompt files 1
- agent-rulesKultMember6Banger-kloakt-7b03413/AGENTS.md
danger signals1
- dynamic code executionnew Function()KultMember6Banger-kloakt-7b03413/crates/obscura-js/js/bootstrap.js:2598
const fn = new Function('self', 'postMessage', 'addEventListener', 'close', worker._code);
evidence-backed
findings quoted directly from the published source artifact — not inferred
shell / exec 1
- shell KultMember6Banger-kloakt-7b03413/crates/obscura-js/js/bootstrap.js :2900
constructor(pattern){this._pattern=pattern||{};} test(){return false;} exec(){return null;}
network 1
- net KultMember6Banger-kloakt-7b03413/crates/obscura-js/js/bootstrap.js :542
fetch(fullUrl, {mode: 'no-cors'}).then(async resp => {