AI Demo Recorder
v1.0.0Record AI-driven browser demos with screencli. One command creates a polished screen recording with gradient backgrounds, auto-zoom, click highlights, and cu...
⭐ 0· 52·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description match the SKILL.md: the skill instructs the agent to run the screencli CLI (npx screencli record) to capture browser demos, apply effects, and upload. Declared runtime requirements (Node.js, FFmpeg) and auth usage (browser login, saved auth state) are coherent with a remote-uploading screen-recording tool.
Instruction Scope
Instructions are focused on recording browser sessions and managing recordings/auth. They explicitly save auth state to ~/.screencli/auth/<name>.json and config to ~/.screencli/config.json and upload recordings to screencli.sh by default. This is expected, but it means private site content and browser session data (cookies/localStorage) can be captured and uploaded unless the user uses --local or unlisted options. The SKILL.md does not instruct reading unrelated system files or env vars.
Install Mechanism
No install spec is included in the skill package itself (instruction-only). The SKILL.md uses npx to run screencli, which causes a dynamic package fetch and execution from npm at runtime. That is normal for CLI usage but carries the usual runtime trust implications: code will be downloaded and executed on the user's machine when run.
Credentials
The skill does not request environment variables or external credentials in the registry metadata. Runtime behavior will create and use files under the user's home (~/.screencli/) to store auth tokens, browser session state, and config. Those are proportional to the described purpose but are sensitive artifacts — recordings and saved auth state may contain private information.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It will cause the screencli CLI to store its own config and auth in the user's home directory, which is normal for a CLI that supports persistent login sessions.
Assessment
This package is internally consistent with an AI-driven screen-recording CLI, but before using it consider: (1) npx screencli will fetch and run code from the npm registry at runtime — only run it if you trust the upstream package and publisher; (2) recordings (video + events.json) and browser auth state are saved locally under ~/.screencli and are uploaded to screencli.sh by default — use --local and/or --unlisted if the content is sensitive; (3) saved auth files contain session data (cookies/localStorage) and should be protected or removed when no longer needed (use npx screencli logout and delete ~/.screencli/auth/<name>.json); (4) review the screencli service's privacy/terms at https://screencli.sh before uploading private pages; (5) because this is instruction-only with no bundled code, there is no static inspectable runtime code in the skill package itself — runtime behavior depends on the external screencli CLI that npx will fetch, so inspect that project or its npm package if you need higher assurance.Like a lobster shell, security has layers — review code before you run it.
latestvk973wa33kz6g86cdmff8j2a1x583q3wn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.