Back to skill
Skillv1.0.1
VirusTotal security
Screenshots · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:50 AM
- Hash
- 3d3edfd417dbf6d8f6bb3bd146fa3aea755156805c4b78e914ea414f1dbe0be2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: screenshots Version: 1.0.1 The skill bundle is classified as suspicious due to direct instructions for shell command execution and file system operations within `workflow.md` and `SKILL.md`. Specifically, `workflow.md` instructs the agent to run `xcrun simctl io booted screenshot` and `mkdir -p ~/screenshots/{app-slug}/raw`, and `cd ~/screenshots/{app-slug}`. While these commands are relevant to the skill's stated purpose, the use of variables like `{app-slug}` in shell commands without explicit sanitization instructions creates a significant shell injection vulnerability risk (potential RCE) if the agent's execution environment does not properly sanitize user-controlled inputs.
- External report
- View on VirusTotal