SaaS (Screenshot As A Service)

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is purpose-aligned for taking cloud screenshots, but the screenshot provider can see submitted URLs and any cookies or headers the user includes.

Install only if you are comfortable using snap.llm.kaveenk.com as the screenshot provider. Avoid sending internal-only URLs, private account pages, session cookies, authorization headers, or regulated data unless you explicitly trust the service and have authorization to transmit that information externally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill is explicitly designed to send arbitrary user-provided URLs to a third-party screenshot service, and it also documents optional transmission of cookies and custom headers. Without a clear privacy warning or restriction guidance, users may unknowingly transmit sensitive internal URLs, session cookies, authorization headers, or confidential page content to an external service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal