Chrome Screenshot
WarnAudited by ClawScan on May 10, 2026.
Overview
This is mostly a coherent local screenshot helper, but its script builds executable Node.js code from unescaped file, output, and width arguments, so crafted inputs could run code on the user's machine.
Review carefully before installing. Use only trusted, locally authored HTML and simple safe paths, and prefer a patched version that validates width and passes file paths safely instead of embedding them in JavaScript source. Also confirm the required local Chrome, Node/npm, python3, and puppeteer-core setup.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously crafted filename, output path, or width argument could make the agent run unintended local code under the user's account.
WIDTH, the HTML filename, and OUTPUT are inserted directly into JavaScript source passed to node -e. If those values contain quotes or JavaScript syntax, they can break out of the intended literals and execute arbitrary Node.js code.
await page.setViewport({width: $WIDTH, height: 900}); ... await page.goto('http://127.0.0.1:$PORT/$NAME' ...); ... await page.screenshot({path: '$OUTPUT', fullPage: true});Validate width as an integer, pass paths through argv or environment variables instead of interpolating into node -e, and JSON-escape or encode any value embedded into JavaScript or URLs.
During rendering, other local processes could access files served from that directory, and untrusted HTML would run in a less isolated browser process.
The script starts a localhost web server for the whole HTML directory and disables Chrome sandboxing. This is aligned with screenshot generation, but it increases risk if the HTML or directory contents are untrusted.
python3 -m http.server "$PORT" --bind 127.0.0.1 & ... args: ['--no-sandbox', '--disable-setuid-sandbox']
Use only trusted, locally authored HTML in non-sensitive directories; consider serving only the target file and avoiding --no-sandbox when Chrome can run safely without it.
The behavior depends on whatever global puppeteer-core package is installed on the machine, which may vary by version or provenance.
The skill relies on a globally installed npm package without pinning a version. This is expected for the stated Chrome/puppeteer purpose, but users should understand the dependency source and version.
puppeteer-core installed globally: `npm install -g puppeteer-core`
Prefer a pinned dependency version or a reviewed local package setup, and document required binaries in metadata/install requirements.