ui-demo
Records polished UI demo videos of web applications using Playwright, enhancing user understanding through visual storytelling.
Install this skill
Security score
The ui-demo skill was audited on May 18, 2026 and we found 11 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 103 | const msg = `REHEARSAL FAIL: "${label}" not found - selector: ${typeof locator === 'string' ? locator : '(locator object)'}`; |
Template literal with variable interpolation in command context
| 108 | .map(el => `${el.tagName}[${el.type || ''}] "${el.textContent?.trim().substring(0, 30)}"`) |
Template literal with variable interpolation in command context
| 114 | console.log(`REHEARSAL OK: "${label}"`); |
Template literal with variable interpolation in command context
| 223 | console.error(`WARNING: moveAndClick skipped - "${label}" not visible`); |
Template literal with variable interpolation in command context
| 236 | console.error(`WARNING: moveAndClick failed on "${label}": ${e.message}`); |
Template literal with variable interpolation in command context
| 255 | console.error(`WARNING: typeSlowly skipped - "${label}" not visible`); |
Template literal with variable interpolation in command context
| 290 | console.warn(`WARNING: panElements skipped element ${i} (selector: "${selector}"): ${e.message}`); |
Template literal with variable interpolation in command context
| 392 | await page.goto(`${BASE_URL}/dashboard`); |
Access to .env file
| 360 | const BASE_URL = process.env.QA_BASE_URL || 'http://localhost:3000'; |
External URL reference
| 191 | cursor.innerHTML = `<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"> |
External URL reference
| 360 | const BASE_URL = process.env.QA_BASE_URL || 'http://localhost:3000'; |