github-screenshots
Audited by Socket on Jun 25, 2026
1 alert found:
AnomalyThis module is primarily a functional screenshot automation tool with moderate security risk due to (1) intentional execution of arbitrary JavaScript in the visited page (--eval -> page.evaluate), (2) navigation to arbitrary URLs, (3) writing screenshots to an attacker-influenced filesystem path (--out) without a directory allowlist, and (4) supply-chain/module-loading risk if NODE_PATH or local npm cache/module contents are attacker-controlled. There is no direct malware/payload behavior evident in the provided snippet; the highest concerns are misuse capability and dependency-resolution hijacking in a compromised environment, with additional unknown risk introduced by the delegated upload.sh.