replay-playwright

Fail

Audited by Socket on Feb 17, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

No evidence of malware or hidden malicious behavior. The skill legitimately requests an API key and uploads recordings to Replay's service — this matches the documented purpose. The primary security concerns are operational: (1) ensure the REPLAY_API_KEY is stored and supplied securely (avoid embedding it in command-line arguments or checked-in .env files), (2) be aware recordings and API keys are sent to Replay's endpoints. Recommend confirming the replay.io domain is the expected official endpoint and using secure secret management for CI and local environments.

LLM verification: BENIGN: The skill fragment coherently describes setting up Replay with Playwright, including installation, authentication via REPLAY_API_KEY, and configuration. No hardcoded secrets or covert data exfiltration are present. Data flows follow expected patterns (env-based API keys, uploads to official Replay endpoints, optional MCP integration). Some ancillary narrative (MCP server CLI example) is non-critical to core functionality but does not introduce malicious behavior.

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At: Feb 17, 2026, 07:45 PM
Package URL: pkg:socket/skills-sh/replayio%2Fskills%2Freplay-playwright%2F@bcf5be473fa340c67190d01d0e6d529785c3c8a8