Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
- Maintainers
- 1
ok-script
类似于AirScript, 使用Python
优势
- 开源免费, 依赖库均为开源方案, 支持pip install任何第三方库
- 代码和打包流程完全由开发者控制, 不会上传服务器, 没有安全性隐患, 不容易被侦测和识别
- 一套代码即可支持Windows安卓模拟器/ADB连接的虚拟机, Windows客户端游戏, 安卓系统直接运行(开发中)
- 支持GUI以及Console运行, 也可以完全自己开发GUI
- 支持Python3.7以上版本
- 学习成本低, 自定义函数少, 也可以直接使用opencv, RapidOCR等api
目前有两个已完成项目:
基于OCR,白荆回廊自动凹技能,7*24小时自动脚本ok-baijing
自动战斗, 自动刷声骸, 跳过剧情等ok-ww
使用
由于目前没有文档以及修改比较频繁, 推荐fork一个版本, 然后把ok-script的ok目录, 软连接到你项目的ok目录进行使用
FAQs
Automation with Computer Vision for Python
We found that ok-script demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025