skills/replayio/skills/replay-cypress/Gen Agent Trust Hub

replay-cypress

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The command npx replayio install is used to download and install the Replay Chromium browser. This involves executing a binary from a third-party source not included in the trusted repository list.
  • COMMAND_EXECUTION (MEDIUM): The skill performs several package installations (@replayio/cypress) across multiple package managers (npm, yarn, pnpm, bun) without version pinning, which can lead to the execution of untrusted code if the registry or package is compromised.
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill configures an external Model Context Protocol (MCP) server at https://dispatch.replay.io/nut/mcp. While this is part of the tool's functionality, it establishes a persistent connection to a remote endpoint controlled by a third party.
  • DATA_EXFILTRATION (LOW): The configuration enables upload: true by default, which automatically sends test recordings to Replay's servers. Users should be aware that their test artifacts and environment variables (via the API key) are transmitted externally.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:15 PM