llmer-demo
Audited by Socket on Apr 10, 2026
6 alerts found:
Anomaly x2, Security x4
This module is primarily a browser automation/recording runner that scrapes URL/DOM values into an exposed vars map and writes screenshots to disk. The clearest security concern is the 'exec' action, which executes an externally supplied function (await step.fn(ctx)) with access to the page/session/collected data—making arbitrary code execution possible if step definitions are not fully trusted. Additional risks include unvalidated dynamic regular expression compilation (ReDoS/perf manipulation) and potential filesystem path issues via step.name in screenshot filenames if upstream sanitization is absent. No overt malware/exfiltration behavior is visible in the provided fragment.
This is primarily a terminal UI/transport bridge. It meaningfully increases privacy and information-disclosure risk by (1) capturing document-level keydown events to build a keystroke overlay (keylogging-like behavior) and (2) exposing terminal scrollback via window.__demoflow_getBuffer. It also forwards terminal input to a local WebSocket and renders untrusted WebSocket output into the terminal. While there are no clear self-contained malicious actions (no eval/backdoor/system interaction shown), the presence of these data-exposure primitives makes it a security-sensitive component, especially in untrusted page contexts or with untrusted co-resident scripts/dependencies.
No direct evidence of overt malware behavior (e.g., network exfiltration or backdoor/persistence) is present in this fragment. However, the implementation contains two high-impact injection primitives: shell command execution via execSync with interpolated inputPath (command injection risk if inputPath can be influenced) and eval-based execution of annotationCode derived from options.annotations (turns annotation data into JavaScript execution in the headless browser context). Additionally, outputPath is passed to ffmpeg for writing, which can enable clobber/overwrite depending on permissions. In a supply-chain context or when inputs are not fully trusted, this module should be treated as high security risk and requires refactoring (avoid execSync shell strings; remove eval; strictly validate/whitelist inputs).
No explicit malware/backdoor or network exfiltration is visible in this fragment. However, the included browser keystroke visualization script is keylogger-like (privacy-invasive, highly sensitive), and the Node.js video conversion utilities execute ffmpeg/ffprobe via execSync with interpolated command strings and parameter-derived ffmpeg filter expressions. If any inputs are attacker-controlled or insufficiently validated, this can lead to shell command injection/filter-expression injection and potential host compromise. Recommend removing or strictly consent-gating the keystroke overlay, and replacing execSync with execFile/spawn argument arrays plus strict numeric/path validation and escaping for all parameters used in filters and command construction.
No clear evidence of intentional malware (backdoor/cryptomining/exfiltration) in the provided fragment. However, there are significant security concerns: (1) likely path traversal/arbitrary file read risk via `/files/:dir/:path` using `join(outputDir, ...)` with a permissive `(.+)` capture and no ‘stay-in-directory’ check; (2) potential XSS injection risk due to server-side generation of HTML via template literals with untrusted interpolated values (especially where preview/render options originate from query params or manifest data). Overall, this module should be reviewed and hardened (path normalization + allowlisting, output escaping/encoding, strict validation of query/header inputs).
SUSPICIOUS. The core browser/terminal demo functionality is coherent, and most package installs are standard. Risk rises because the skill installs another external skill, processes untrusted repo content while holding Bash/Write/Agent capabilities, can execute arbitrary terminal commands from natural-language scenarios, and references disabled HTTPS verification. This looks more like a high-risk automation skill than outright malware.