ClawHub

Scrask

Security checks across malware telemetry and agentic risk

Overview

Scrask has a coherent purpose, but it needs review because it can send private screenshots to vision AI providers and create calendar or task entries without a final approval step.

Review before installing. Use this only if you are comfortable sending screenshots to your configured vision provider or optional Gemini/Claude providers. Avoid screenshots containing passwords, tokens, private chats, medical/financial/work-confidential information, and consider disabling broad implicit routing or requiring explicit confirmation before any calendar or task entry is created.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (13)

Context-Inappropriate Capability

Low
Confidence
93% confidence
Finding
The page loads executable JavaScript from a third-party CDN at runtime, which creates a software supply-chain risk for anyone opening the documentation. If the CDN, dependency, or delivery path is compromised, arbitrary script can execute in the reader's browser under the page's origin.

Intent-Code Divergence

Low
Confidence
89% confidence
Finding
Mermaid is initialized with securityLevel set to 'loose', which weakens built-in protections around rendered diagram content and click behavior. In a documentation page that renders Mermaid source from the DOM, this increases the chance that malicious or unexpectedly interpreted diagram content could trigger unsafe HTML or script-adjacent behavior.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The explicit alias `screenshot` is overly broad and overlaps with normal user language on chat surfaces where users commonly mention or send screenshots. In a hybrid invocation model, this can cause accidental force-dispatch to Scrask, leading the agent to parse images and potentially trigger downstream calendar/task creation flows the user did not intend.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README encourages users to send screenshots through chat surfaces and have them parsed by a vision model, but it does not clearly warn that screenshots may contain sensitive personal, financial, health, or authentication information. Because the skill operates on arbitrary screenshots and may forward image contents to external model providers, users could unknowingly expose private data.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The explicit alias 'screenshot' is overly generic and can match ordinary user language, causing the skill to force-route in situations the user did not intend. Because explicit invocation bypasses the implicit screenshot checks, this increases the chance of accidental activation, unintended image processing, and downstream calendar/task creation from irrelevant content.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill is designed to send screenshot content to external vision providers and then automatically create records in downstream calendar/task systems, but it does not clearly require user-facing disclosure or consent before doing so. This can expose sensitive screenshot data to third parties and create unintended entries in user systems without an informed confirmation step.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
Forcing title and description content into English without user opt-in can alter meaning, names, or culturally specific details, leading to integrity issues in saved calendar/task entries. While this is not a direct code-execution or privilege-escalation flaw, it can cause silent data corruption and privacy surprises when multilingual content is transformed unexpectedly.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The documentation explicitly describes a flow where the bot may create calendar or task entries without a fresh user confirmation when confidence thresholds are met. In this skill's context, that can cause unintended writes to external productivity systems from imperfect screenshot parsing, enabling misfires, social-engineering-induced inserts, or accidental spam/poisoning of a user's calendar and task lists.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documented flow explicitly allows items with `needs_confirmation: false` to be routed silently to calendar or task skills, which can create entries without an explicit final user confirmation. In a screenshot-parsing workflow, OCR/LLM misreads or adversarial screenshot content could cause unintended actions, making silent downstream execution a meaningful integrity and UX safety risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The decision flow states that screenshots may be sent to OpenClaw's vision LLM, Gemini, or Claude, but the user-facing description in this documentation does not present a clear privacy warning or consent boundary for external processing. Because screenshots often contain sensitive personal or business data, undisclosed transmission to third-party model providers creates a real privacy and compliance risk.

Unpinned Dependencies

Low
Category
Supply Chain
Content
anthropic>=0.40.0
google-generativeai>=0.8.0
Confidence
92% confidence
Finding
anthropic>=0.40.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
anthropic>=0.40.0
google-generativeai>=0.8.0
Confidence
92% confidence
Finding
google-generativeai>=0.8.0

Known Vulnerable Dependency: anthropic — 2 advisory(ies): CVE-2026-34450 (Claude SDK for Python has Insecure Default File Permissions in Local Filesystem ); CVE-2026-34452 (Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox)

Low
Category
Supply Chain
Confidence
88% confidence
Finding
anthropic

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal