Security audit

AI Demo Recorder

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate demo-recording skill, but it deserves review because it can reuse logged-in browser sessions and uploads recordings to a cloud service by default.

Install only if you trust the external screencli CLI and cloud service. Use `--local` for internal, customer, regulated, or logged-in demos; prefer low-privilege test accounts; avoid recording secrets; and delete unused `~/.screencli/auth/` session files when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 94%
Finding
The README explicitly states that recordings are uploaded to a shareable link, but it does not warn users that screen contents, typed data, tokens, internal URLs, or other sensitive material may be transmitted to a third-party service. In the context of an agent skill that may autonomously record browser sessions, this omission increases the risk of accidental disclosure because users may not realize that captured content leaves the local machine.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill states that recordings are auto-uploaded to screencli.sh by default, but does not present this as a prominent security/privacy warning at the point of use. Because the tool records AI-driven browser sessions that may include internal apps, sensitive UI data, or authenticated content, silent default upload to a remote service can expose confidential information unintentionally.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation instructs users to save authentication state for private apps in `~/.screencli/auth/myapp.json` without warning about the sensitivity of that file. Persisted session state can often be reused to access private applications, so inadequate warning or protection guidance increases the risk of credential theft, lateral movement, or unauthorized access if the host is compromised or the file is mishandled.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.