Rustdesk Screenshot

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it takes full-screen screenshots, can expose RustDesk temporary passwords, and can delete files in an environment-selected directory without clear safeguards.

Install only if you are comfortable with an agent minimizing your desktop, launching RustDesk, deleting everything under the configured screenshot directory, and sending a full multi-monitor screenshot that may include passwords or private content. Do not point SCREENSHOT_DIR at any important folder, do not override RUSTDESK_PATH unless you fully trust the executable, and avoid using this skill to capture temporary passwords or other secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
Findings (11)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
exe_path = Path(RUSTDESK_PATH)
if not exe_path.exists():
    raise FileNotFoundError(f"找不到 RustDesk 可执行文件: {RUSTDESK_PATH}")
subprocess.Popen(
    [str(exe_path)],
    shell=True,
    stdout=subprocess.DEVNULL,
Confidence
95% confidence
Finding
subprocess.Popen( [str(exe_path)], shell=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, )

Tainted flow: 'exe_path' from os.environ.get (line 41, credential/environment) → subprocess.Popen (code execution)

Medium
Category
Data Flow
Content
exe_path = Path(RUSTDESK_PATH)
if not exe_path.exists():
    raise FileNotFoundError(f"找不到 RustDesk 可执行文件: {RUSTDESK_PATH}")
subprocess.Popen(
    [str(exe_path)],
    shell=True,
    stdout=subprocess.DEVNULL,
Confidence
98% confidence
Finding
subprocess.Popen( [str(exe_path)], shell=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, )

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The note reframes a screenshot utility as a way to view a RustDesk temporary password, which is sensitive authentication data. This broadens the skill from benign capture into credential exposure and remote-access enablement, increasing the chance of misuse or unauthorized access.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill silently minimizes all windows, materially changing the user's desktop state beyond what the description clearly communicates. In an agent setting, hidden UI manipulation can disrupt work, conceal what is happening, and facilitate privacy-invasive capture without informed user understanding.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The catch-all trigger phrase for 'any instruction involving RustDesk + screenshot' is overly broad for a skill that launches software, clears a directory, and captures the full screen. Broad invocation conditions increase the risk of accidental activation on ambiguous user requests, leading to unintended screen capture or file deletion.

Missing User Warnings

High
Confidence
95% confidence
Finding
The documented workflow includes clearing a directory and taking a full-screen screenshot, both of which are privacy- or integrity-sensitive actions, but there is no requirement for user confirmation or warning. That makes unintended data loss and exposure of on-screen secrets materially more likely.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Allowing environment variables to override the executable path and output directory without safety guidance can redirect the skill to launch an unexpected binary or write/delete data in an unsafe location. In a skill that starts processes and clears directories, caller-controlled paths materially increase abuse potential.

Missing User Warnings

High
Confidence
97% confidence
Finding
The script recursively deletes all contents of SCREENSHOT_DIR, and that directory is also environment-controlled. If misconfigured or maliciously pointed at an important path, this can cause destructive data loss well beyond stale screenshots, especially because there is no confirmation, scope restriction, or safety guard.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script captures all screens after launching an application, without any explicit in-script warning or consent gate for a privacy-sensitive operation. In a remote-assistant or skill context, full-desktop capture can expose unrelated windows, notifications, and sensitive information across multiple monitors.

Ssd 3

High
Confidence
97% confidence
Finding
The skill is designed to capture the entire desktop and return the image to the user, which can include passwords, personal data, chats, tokens, and other sensitive material visible on screen. Because there are no safeguards like region selection, redaction, or consent gates, the feature directly risks unauthorized disclosure.

Ssd 4

High
Confidence
98% confidence
Finding
By explicitly positioning screenshots as a way to recover a forgotten RustDesk temporary password, the documentation legitimizes collecting and transmitting authentication material. In context, this makes the skill more dangerous because it turns passive capture into a means of harvesting access credentials for remote control.

VirusTotal

65/65 vendors flagged this skill as clean.
