Screenshot Telegram Direct

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises by sending website screenshots to Telegram, but users must treat the URLs, screenshots, and API tokens as sensitive.

Install only if you are comfortable sending target URLs to the Snap screenshot service and sending screenshots and captions to Telegram. Avoid internal, authenticated, personal, or regulated pages unless approved. Use a dedicated Telegram bot and limited chat, verify the chat ID, keep .env private with restrictive permissions, and avoid shell-profile or cron automation unless you specifically need persistent credentials or scheduled screenshot posting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill explicitly instructs users to execute shell commands and run a helper script, yet it declares no permissions. This creates a transparency and trust problem: consumers and platforms may underestimate the skill's ability to invoke shell operations, source environment files, and perform network actions via curl.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is designed to capture website screenshots and transmit them to third-party services, but it does not clearly warn that page contents, captions, tokens, and potentially sensitive internal URLs may be shared externally. In this context, screenshots can contain confidential dashboards, personal data, or internal application state, making the omission materially risky.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill is explicitly designed to capture website screenshots and transmit them to third-party services (Snap for rendering and Telegram for delivery), but the documentation does not clearly warn users that page contents, URLs, captions, and related metadata leave the local system. This creates a real data exposure risk if users screenshot internal dashboards, authenticated pages, or other sensitive content under the assumption the action is local-only.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The recommended shell-profile snippet exports secrets from the skill's .env into every shell session, broadening their exposure to unrelated commands, child processes, logs, and accidental leaks through debugging or environment inspection. While convenient, this unnecessarily increases the attack surface for the Telegram bot token and Snap API key.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Full page screenshot
curl -s -X POST "https://snap.llm.kaveenk.com/api/screenshot" \
  -H "Authorization: Bearer $SNAP_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
97% confidence
Finding
curl -s -X POST "https://snap.llm.kaveenk.com/api/screenshot" \ -H "Authorization: Bearer $SNAP_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  -F "chat_id=$CHAT_ID" \
  -F "document=@$OUTPUT_FILE" \
  -F "caption=$CAPTION" \
  "https://api.telegram.org/bot$TOKEN/sendDocument"
```

## Automation (Cron)
Confidence
94% confidence
Finding
https://api.telegram.org/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Full page screenshot
curl -s -X POST "https://snap.llm.kaveenk.com/api/screenshot" \
  -H "Authorization: Bearer $SNAP_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
97% confidence
Finding
curl -s -X POST "https://snap.llm.kaveenk.com/api/screenshot" \ -H "Authorization: Bearer $SNAP_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  -F "chat_id=$CHAT_ID" \
  -F "document=@$OUTPUT_FILE" \
  -F "caption=$CAPTION" \
  "https://api.telegram.org/bot$TOKEN/sendDocument"
```

## Automation (Cron)
Confidence
96% confidence
Finding
https://api.telegram.org/

VirusTotal

63/63 vendors flagged this skill as clean.
