CleanShot Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a screenshot-automation skill whose sensitive actions are expected for its purpose, with no evidence of hidden upload, destructive behavior, or credential misuse.

Install only if you are comfortable with the agent being able to capture your visible screen and open recent screenshot history when you ask it to use CleanShot. Avoid invoking it while passwords, private chats, documents, or other sensitive material are visible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The skill maps very common phrases like 'take a screenshot' or 'capture the screen' directly to a capture action with no additional scoping or confirmation. In an agent setting, broad natural-language triggers can cause unintended screen capture of sensitive on-screen data when the user's intent was ambiguous or conversational rather than an explicit request to invoke the plugin.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: Interpreting the broad phrase 'open CleanShot' as an instruction to open Quick Access or screenshot history can trigger exposure of prior captures without the user explicitly asking for history. That can surface sensitive screenshots, metadata, or workflow state in contexts where the user may only have intended to launch the app generically.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal