Back to skill

Security audit

Demo Video Creator

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: records browser demo footage locally, with privacy and overwrite risks users should manage.

Install only if you are comfortable with a script controlling a browser and recording its visible contents. Use a demo profile and sanitized data, avoid production accounts or private dashboards, confirm the target page before recording, keep output paths pointed at disposable demo folders, and review generated frames or videos before sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs users to record browser sessions, including clicks, hovers, typing, and full-page captures, but does not warn that screenshots and encoded video may capture secrets visible on screen or entered during the demo. In this context, the risk is real because product demos often occur in authenticated apps containing customer data, tokens, internal URLs, or credentials, and the saved frames create a durable copy that can be exfiltrated or shared unintentionally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.