Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Getscreenshot
v1.0.2GetScreenshot integration. Manage Screenshots. Use when the user wants to interact with GetScreenshot data.
⭐ 0· 151·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the instructions: the skill directs the agent to use the Membrane CLI to discover connectors, create a connection, run actions, or proxy API requests to GetScreenshot. Nothing requested (no env vars, no files) is unrelated to that purpose.
Instruction Scope
Instructions tell the agent to install and use the Membrane CLI, run login (which opens a browser or uses a copy/paste flow), list actions, run actions, and proxy requests. These steps are expected for this integration, but note that proxy requests and actions route data through Membrane’s servers (the doc says Membrane injects auth headers and handles credential refresh), so using the skill will send user-requested page URLs and request payloads to the Membrane service.
Install Mechanism
No install spec in the skill bundle itself — the SKILL.md recommends installing @membranehq/cli via npm globally. Installing a global npm package is a common approach but requires write access to system directories (and may require elevated privileges on some systems). This is a standard, moderate-risk install method for a CLI dependency.
Credentials
The skill declares no required environment variables or credentials and advises letting Membrane handle credentials. That aligns with the stated workflow. Users should still consider that authentication and request handling occur server-side at Membrane, which requires trust in that vendor.
Persistence & Privilege
The skill does not request always: true and is user-invocable; it does not attempt to modify other skills or system configuration. Normal autonomous invocation is allowed by platform defaults but not elevated here.
Assessment
This skill is coherent with its stated purpose, but before installing: (1) verify you trust Membrane/getmembrane.com because action runs and proxy requests will route through their service (potentially sending URLs and payloads to their servers); (2) be aware npm -g writes to system locations (may require sudo); (3) review @membranehq/cli documentation and the connector’s privacy/security docs if you plan to send sensitive pages or data; (4) if you cannot or do not want third-party proxying of request data, avoid using this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk979sn9tm84az0khyv380rp7s58437qh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.