record-screen

[Skill Scanner] Detected jailbreak/DAN attempt All findings: [CRITICAL] prompt_injection: Detected jailbreak/DAN attempt (PI003) [AITech 1.1] [HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] Functionally, the skill's declared capabilities match its described behavior: it records the visible Chrome tab via an unpacked extension and a local Node bridge that saves frames and encodes video. There are reasonable privacy/security concerns but not definitive evidence of outright malicious intent in the provided text. Primary risks: npm dependency supply-chain exposure, installing an unpacked extension that can access visible tab contents, and an auto-starting, apparently unauthenticated local bridge server (localhost:9234) which could be abused by other local processes if not hardened. Recommend reviewing the actual extension and bridge server source code, locking and vendoring npm dependencies (or auditing package.json), and adding local authentication or socket-only binding and file-permissions controls before trusting this tool with sensitive browsing sessions. LLM verification: The tool's documented behavior aligns with a legitimate local screen-recording use case. Primary security concerns are: (1) sensitive screen content being captured and stored on disk; (2) supply-chain risk from unpinned npm dependencies and installing an unpacked extension; and (3) the increased local attack surface from an auto-started bridge server if it lacks proper binding, authentication, or file-permission controls. No explicit signs of remote exfiltration or obfuscated/malicious code are