ClawHub

Chrome Screenshot

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern
ASI05: Unexpected Code Execution
What this means

A maliciously crafted filename, output path, or width argument could make the agent run unintended local code under the user's account.

Why it was flagged

WIDTH, the HTML filename, and OUTPUT are inserted directly into JavaScript source passed to node -e. If those values contain quotes or JavaScript syntax, they can break out of the intended literals and execute arbitrary Node.js code.

Skill content
await page.setViewport({width: $WIDTH, height: 900}); ... await page.goto('http://127.0.0.1:$PORT/$NAME' ...); ... await page.screenshot({path: '$OUTPUT', fullPage: true});
Recommendation

Validate width as an integer, pass paths through argv or environment variables instead of interpolating into node -e, and JSON-escape or encode any value embedded into JavaScript or URLs.

Note
ASI02: Tool Misuse and Exploitation
What this means

During rendering, other local processes could access files served from that directory, and untrusted HTML would run in a less isolated browser process.

Why it was flagged

The script starts a localhost web server for the whole HTML directory and disables Chrome sandboxing. This is aligned with screenshot generation, but it increases risk if the HTML or directory contents are untrusted.

Skill content
python3 -m http.server "$PORT" --bind 127.0.0.1 & ... args: ['--no-sandbox', '--disable-setuid-sandbox']
Recommendation

Use only trusted, locally authored HTML in non-sensitive directories; consider serving only the target file and avoiding --no-sandbox when Chrome can run safely without it.

Note
ASI04: Agentic Supply Chain Vulnerabilities
What this means

The behavior depends on whatever global puppeteer-core package is installed on the machine, which may vary by version or provenance.

Why it was flagged

The skill relies on a globally installed npm package without pinning a version. This is expected for the stated Chrome/puppeteer purpose, but users should understand the dependency source and version.

Skill content
puppeteer-core installed globally: `npm install -g puppeteer-core`
Recommendation

Prefer a pinned dependency version or a reviewed local package setup, and document required binaries in metadata/install requirements.