Skill v1.0.2

ClawScan security

SaaS (Screenshot As A Service) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:36 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (calling a remote screenshot API), but it relies on an external, unverified service which will receive any URLs and options you send — posing privacy and data-exposure risk that you should consider before use.
Guidance
This skill is coherent and does what it says: it sends URLs to a remote screenshot API and returns images. However, the service domain (snap.llm.kaveenk.com) and source are unverified and there is no included code to audit. Before installing or using it:

1) Treat any API key as a secret; store it securely.
2) Avoid sending URLs that contain private tokens or that require authentication; do not include real authentication cookies/headers unless you trust the operator.
3) Understand that any page fetched by the service (including content behind the URL) will be visible to the service operator — don't use it on sensitive internal sites or PII.
4) If you require stronger assurances, prefer self-hosting an auditable open-source screenshot service (the skill claims to be open-source) or verify the operator, privacy policy, and TLS certificate for the offered domain.
5) Confirm acceptable network egress policies for your environment (the skill makes outbound calls to an external host).

Review Dimensions

Purpose & Capability (ok)
Name/description match the runtime instructions: the SKILL.md documents a cloud screenshot API (snap.llm.kaveenk.com) and shows how to register and call it. The skill requests no local binaries, env vars, or unusual OS access — nothing appears extraneous to taking remote screenshots.
Instruction Scope (note)
Instructions tell the agent to register and POST URLs (and optional headers/cookies) to the remote API and to store the returned API key. This is within the stated purpose, but calling the remote API inevitably transmits the target URL (and potentially page content as the service fetches it). The options allow passing custom headers and cookies, which could be used to send sensitive or authenticated data if the agent or user provides them.
Install Mechanism (ok)
No install spec and no code files — instruction-only skill. That minimizes local code execution risk. The tradeoff is that all behavior depends on the external service (no local code to audit).
Credentials (ok)
The skill declares no required environment variables, credentials, or config paths. It asks the user/agent to obtain an API key from the remote service via registration; that is proportional to using a hosted API.
Persistence & Privilege (ok)
The skill is not force-included (always:false) and uses normal autonomous-invocation settings. It does not request elevated agent/system privileges or modify other skills' configs.