Skillv0.2.0

ClawScan security

OverRec Screen · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 29, 2026, 2:57 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions and requirements match its stated purpose (controlling screenshots, overlays, and window placement via the OverRec CLI); nothing requested is disproportionate or unrelated.
Guidance: This skill is coherent with its purpose: it runs OverRec CLI commands to list monitors, locate windows, move/resize them, draw overlays, and take screenshots. Before installing/using it: 1) ensure OverRec is installed from a trusted source (the Microsoft Store link is provided) and is on PATH; 2) be aware the skill runs shell commands (Bash/pwsh) and may save images to disk or copy them to the clipboard—confirm where files are stored and whether clipboard copying is acceptable; 3) the provided "watch"/loop examples can capture screen contents repeatedly and indefinitely—the agent should ask for explicit consent, interval, and output location before running such loops; 4) on WSL the skill invokes PowerShell (pwsh.exe/powershell.exe), so ensure that environment is configured; and 5) only use this skill on machines where screen capture is allowed and safe (it can capture sensitive information).

Purpose & Capability: okThe name/description describe screen capture, overlays, and window snapping and the SKILL.md contains concrete OverRec CLI commands for those actions. No unrelated credentials, binaries, or system paths are requested.
Instruction Scope: noteInstructions perform exactly the expected actions (list monitors, find windows, snap windows, draw overlays, and capture screenshots). They include examples that save screenshots to disk, copy to clipboard, and a watch loop that repeatedly screenshots a region. The watch loop can capture sensitive screen contents indefinitely; the skill does not explicitly require prompting for confirmation before long-running capture, so the agent should confirm intent/interval/destination with the user before running continuous captures.
Install Mechanism: okThis is an instruction-only skill with no install steps. It plainly documents that OverRec must be installed and on PATH (Microsoft Store link). No downloads or third-party install mechanisms are embedded in the skill.
Credentials: okNo environment variables, credentials, or config paths are requested. The skill will interact with the display and filesystem (saving images) which is proportional to its stated functionality.
Persistence & Privilege: okalways:false and default model-invocation settings are used (normal). The skill does not request permanent agent-wide privileges or modify other skills' configs.