ClawHub

ScreenshotOne

Security checks across malware telemetry and agentic risk

Overview

This is a ScreenshotOne helper that is mostly coherent and disclosed, but users should treat screenshot capture actions as real external service calls, not read-only lookups.

Install only if you intend to use ScreenshotOne through OOMOL and are comfortable with the oo CLI and a connected ScreenshotOne API key. Confirm screenshot, animated screenshot, and bulk capture payloads before running them because they can contact target URLs, create output files, and consume service quota or credits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest describes the skill as suitable for 'searching and reading data,' but the actual actions include screenshot submission and file-generation operations. This mismatch can cause an agent or user to invoke state-changing or externally targeting actions under the false assumption that the skill is read-only, increasing the risk of unintended network activity and side effects.

Intent-Code Divergence

Low
Confidence
84% confidence
Finding
The safety section says read/list/search actions are safe, but the overall positioning of the skill emphasizes 'searching and reading data' even though it exposes create-style screenshot actions. This inconsistency can weaken operator caution and lead to unsafe assumptions about the effect of invoking the skill.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The instruction to use this skill for 'ANY ScreenshotOne request' is overly broad and can override more precise tool-selection logic. Broad activation conditions increase the chance that an agent invokes this skill in inappropriate contexts, including tasks that do not need connector access or that require stronger review due to external side effects.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal