ClawHub
Back to skill
v1.0.2

Full Webpage Screenshot

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:58 AM.

Analysis

This skill does what it claims—captures webpage screenshots—but users should notice that it installs Puppeteer and runs Chromium with its sandbox disabled.

GuidanceBefore installing, be aware that this adds Puppeteer/npm dependencies and uses a headless browser with sandboxing disabled. It appears coherent for screenshot capture, but use it mainly for URLs you trust and save screenshots to intended paths.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
SKILL.md
First-time setup (installs Puppeteer):

```bash
cd ~/.openclaw/skills/full-webpage-screenshot/scripts
npm install
```

The skill asks the user to install npm dependencies. This is expected for Puppeteer-based screenshots, but it introduces normal third-party package supply-chain exposure.

User impactInstalling the skill may download and install Puppeteer and its dependencies from npm.
RecommendationInstall only if you are comfortable adding Puppeteer/npm dependencies, and prefer using the included lockfile-controlled install flow.
Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
scripts/screenshot.js
puppeteer.launch({
    headless: 'new',
    args: ['--no-sandbox', '--disable-setuid-sandbox']
  });

The skill launches Chromium with sandboxing disabled while visiting user-supplied webpages. This may be used for compatibility, but it weakens browser isolation if a malicious page is rendered.

User impactA malicious webpage would still need a browser exploit to affect the system, but disabling the sandbox reduces containment.
RecommendationUse the skill on trusted URLs when possible, and consider removing the no-sandbox flags if your environment supports sandboxed Chromium.