web-demo-video

The project appears legitimate for generating demo videos by automating browsing and composing recordings. The main security concerns are supply-chain execution risks (runtime installation/execution of third-party packages) and sensitive-data leakage through recorded content (capturing authenticated pages, PII, or internal resources). There is no direct evidence in the provided fragment of obfuscated or malicious code or of active exfiltration routines. Recommended mitigations: run in isolated environments, clear or avoid active sessions, pin and verify dependencies (lockfiles, checksums), and audit scripts and package.json before executing — especially scripts/record-scenes.ts and any packages that run at install or runtime.