Security audit

Html2screenshot (long screenshot)

Security checks across malware telemetry and agentic risk

Overview

This HTML screenshot skill is purpose-aligned overall, but it warrants review because it recommends a background HTTP service with unclear network scope and a referenced server implementation that is not included in the package.

Install only if you are comfortable running Puppeteer/Chrome against HTML you choose. Avoid using the background HTTP service until its server code is present and reviewed, bind it to localhost if possible, and do not render sensitive local files or untrusted remote pages without network and browser sandbox controls.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 84%
Finding:
The skill claims to safely convert arbitrary HTML from file path, URL, or string, but the documented implementation reads local files directly, runs a browser with '--no-sandbox', and renders attacker-controlled HTML that may trigger outbound network requests for external resources. This expands the effective permission and attack surface beyond the declared behavior, enabling local file access patterns and SSRF/privacy leakage through HTML-rendered subresources.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The dataset explicitly includes tasks that screenshot external URLs, embedded videos, iframes, and pages using third-party fonts, but it does not warn that performing these evaluations may trigger outbound network requests and load untrusted third-party content. In an html-to-screenshot skill, this is especially relevant because rendering arbitrary remote pages can expose the runtime to tracking, unexpected data egress, and content fetched from attacker-controlled origins during evaluation or normal use.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.