MAC OS screenshot to telegram

Security checks across malware telemetry and agentic risk

Overview

The skill does what it advertises: it captures a full macOS screenshot and sends it to a Telegram chat. That is also its privacy risk, since whatever is on screen at the moment of capture leaves the machine, and users should understand this before installing it.

Install only if you intentionally want OpenClaw to capture your full macOS screen and upload it to Telegram. Before running it, verify the chat ID and profile, make sure nothing sensitive is visible, use a dedicated low-privilege Telegram bot token, and delete the saved workspace screenshot if it contains private information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly instructs the agent to use shell commands (`screencapture`, `cp`, `grep`, `sed`, `curl`) but does not declare permissions accordingly. That creates a security transparency gap: reviewers and enforcement systems may not realize the skill can capture the screen, read local config, and exfiltrate data over the network.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This skill captures the user's screen and transmits the image to Telegram, but it does not prominently warn that sensitive on-screen data may be collected and sent to a third party. Because screenshots can contain passwords, messages, tokens, or personal information, the combination of screen capture plus external transmission materially increases privacy and data-exfiltration risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script silently reads a Telegram bot token from the user's local OpenClaw config and uses it for network transmission without any disclosure or confirmation. Accessing credentials from a private config file can surprise users and enables unintended use of a long-lived secret if the skill is triggered inappropriately or repurposed.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script captures the user's screen and immediately transmits the image to Telegram with no explicit privacy notice, preview, or confirmation step. Screenshots can contain highly sensitive data such as passwords, messages, tokens, financial details, or internal documents, making silent exfiltration particularly dangerous in an agent skill context.

External Transmission

Medium
Category
Data Exfiltration
Content
3. **Send via Telegram Bot API** (bypasses buggy message tool):
   ```bash
   BOT_TOKEN=$(grep botToken <config-path> | sed 's/.*"botToken": *"\([^"]*\)".*/\1/')
   curl -s -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendPhoto" \
     -F "chat_id=<target-chat-id>" \
     -F "photo=@<workspace>/screenshot.png"
   ```
Confidence
96% confidence
Finding
https://api.telegram.org/
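The findings above all point at the same step of the skill: an undeclared shell pipeline that pulls the bot token out of the OpenClaw config with grep/sed and uploads the capture with no confirmation. The script below is an added example, not the skill's code and not part of this report, showing the same step with the checklist from the overview applied: the token comes from a dedicated environment variable instead of the config file, token and chat id are validated before they are spliced into the request, only a PNG inside the workspace can be uploaded, the user must type "yes" before anything leaves the machine, and the capture is deleted on exit. The function names, the environment variable names TELEGRAM_SCREENSHOT_BOT_TOKEN and TELEGRAM_SCREENSHOT_CHAT_ID, and the DRY_RUN switch are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not the skill's code): hardened "send via Telegram Bot API" step.
# Assumes a dedicated bot token in TELEGRAM_SCREENSHOT_BOT_TOKEN and the target
# chat id in TELEGRAM_SCREENSHOT_CHAT_ID; nothing is read from the OpenClaw config.

# Telegram bot tokens look like "<numeric bot id>:<secret>". Refuse anything else
# so a malformed or unrelated value never ends up in the request URL.
valid_bot_token() {
  case "$1" in
    *:*) ;;
    *) return 1 ;;
  esac
  id="${1%%:*}"
  secret="${1#*:}"
  case "$id" in ''|*[!0-9]*) return 1 ;; esac
  case "$secret" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
  return 0
}

# Chat ids are integers (negative for groups/supergroups). curl's -F treats a value
# starting with "@" or "<" as a file to upload, so an unvalidated chat id could
# turn into a local file read; an integer check closes that off.
valid_chat_id() {
  cid="${1#-}"
  case "$cid" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# Only a regular .png inside the workspace directory may be uploaded.
valid_photo_path() {
  ws="$1"; photo="$2"
  [ -f "$photo" ] || return 1
  case "$photo" in "$ws"/*.png) return 0 ;; *) return 1 ;; esac
}

# Explicit human confirmation before anything leaves the machine (one line from stdin).
confirm_or_abort() {
  printf 'Send %s to chat %s? Type yes to continue: ' "$2" "$1" >&2
  read -r answer
  [ "$answer" = "yes" ]
}

# Upload the photo; with DRY_RUN=1 print the request instead (secret part redacted).
send_photo() {
  token="$1"; chat="$2"; photo="$3"
  valid_bot_token "$token" || { echo "refusing: malformed bot token" >&2; return 2; }
  valid_chat_id "$chat"   || { echo "refusing: malformed chat id" >&2; return 2; }
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf 'POST https://api.telegram.org/bot%s:***/sendPhoto chat_id=%s photo=@%s\n' \
      "${token%%:*}" "$chat" "$photo"
    return 0
  fi
  curl -sS --fail -X POST "https://api.telegram.org/bot${token}/sendPhoto" \
    -F "chat_id=${chat}" -F "photo=@${photo}" >/dev/null
}

# Full flow: capture, preview, confirm, send, delete. The macOS-only parts are
# guarded so the validation functions above can be exercised on any system.
screenshot_to_telegram() {
  ws="$1"
  token="${TELEGRAM_SCREENSHOT_BOT_TOKEN:?set a dedicated bot token}"
  chat="${TELEGRAM_SCREENSHOT_CHAT_ID:?set the target chat id}"
  photo="$ws/screenshot.png"
  trap 'rm -f "$photo"' EXIT          # never leave the capture on disk afterwards
  command -v screencapture >/dev/null || { echo "screencapture not found (macOS only)" >&2; return 1; }
  screencapture -x "$photo"           # full screen, -x suppresses the shutter sound
  valid_photo_path "$ws" "$photo" || return 1
  # Quick Look preview so the user sees exactly what is about to be sent.
  [ -x /usr/bin/qlmanage ] && qlmanage -p "$photo" >/dev/null 2>&1
  confirm_or_abort "$chat" "$photo" || { echo "aborted, nothing sent" >&2; return 1; }
  send_photo "$token" "$chat" "$photo"
}
```

Run it as `TELEGRAM_SCREENSHOT_BOT_TOKEN=... TELEGRAM_SCREENSHOT_CHAT_ID=... sh screenshot.sh` with a final line calling `screenshot_to_telegram "$HOME/workspace"`; setting `DRY_RUN=1` shows the request without uploading anything. Keeping the token out of the OpenClaw config also means the permissions the skill actually needs (screen capture, network to api.telegram.org, one environment variable) can be declared honestly, which is the gap the least-privilege finding describes.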

VirusTotal

66/66 vendors flagged this skill as clean.
