screenshot.fyi

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a disclosed connector with a documentation mismatch around screenshot creation, but no evidence of hidden, destructive, or malicious behavior.

Install if you are comfortable with the skill creating screenshot jobs through its connected service. Treat screenshot creation as an active action: confirm the target URL or page, avoid sensitive/private pages unless intended, and watch for quota or billing effects.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The skill metadata says it should be used only for 'searching and reading data', but the documented action performs screenshot creation, which is an active operation and not a read-only query. This mismatch can mislead users or higher-level policy systems into authorizing the skill under weaker assumptions, increasing the chance that state-changing or externally impactful actions are run without appropriate confirmation.

Intent-Code Divergence

Medium

Confidence: 94% confidence
Finding: The safety section acknowledges that create/update/post actions are state-changing, but this contradicts the top-level description that frames the skill as only for searching and reading. Such contradictory guidance can cause automated agents or users to treat the skill as lower risk than it really is, undermining approval flows and consent checks for non-read actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal