Back to skill

Security audit

Screencast Studio

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local screencast tool, but its default workflow can delete unrelated files in the chosen folder and it stores login/session artifacts and private UI captures without strong handling guidance.

Install and run this only in a fresh disposable screencast folder, not inside an existing project, unless you remove or inspect the `clean` step first. Use demo or low-privilege accounts, treat `storageState.json`, screenshots, videos, summaries, and review frames as sensitive, keep them out of git and shared archives, and delete or rotate the session after recording.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script persists authenticated browser state to storageState.json and also saves a post-login screenshot and UI structure summary to disk. Those artifacts can contain session cookies, local storage tokens, account URLs, internal navigation labels, and other sensitive application data; if reused or exfiltrated, they may enable account/session hijacking or disclose private app structure beyond the immediate recording task.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
After login, the code enumerates visible navigation links, headings, buttons, and the current URL, then writes them to post-login-summary.json. In the context of a post-authenticated session, this acts as reconnaissance against the private application surface and may capture sensitive feature names, tenant-specific labels, internal routes, or confidential workflow metadata not needed just to record a screencast.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation explicitly states that `storageState.json` contains cookies, which are authentication/session artifacts, but it does not warn users that this file is sensitive, should be protected, and must not be committed, shared, or archived insecurely. In the context of a screencast automation skill that logs into real web apps, exposed storage state can enable session hijacking or unauthorized access to the target application.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Writing context.storageState() to disk stores durable authenticated session material such as cookies and possibly local/session storage values. Without any warning, protection, or lifecycle management, this creates a reusable credential artifact that can be copied by other local users, committed to source control, or unintentionally included in logs, backups, or shared demo assets.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
templates/postprocess.js:136

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
templates/review.js:46