Website Capture - AllScreenshots
Security checks across malware telemetry and agentic risk
Overview
This is a coherent screenshot-capture skill that uses a disclosed cloud API and API key, with some privacy and acceptable-use considerations for the URLs and screenshots sent to the provider.
Before installing, confirm you are comfortable sending target URLs and screenshots to the Allscreenshots cloud service and storing the API key in your OpenClaw environment. Use stealth mode and cookie-banner blocking only for sites you are authorized to capture.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could help capture pages in a way that avoids some bot-detection behavior if the user asks it to do so.
The skill exposes an anti-detection option. It is disclosed and related to website capture, but users should ensure they have permission to capture or access the target sites.
`stealth`: `true` uses anti-detection mode for bot-protected sites
Use the skill only for sites you are authorized to capture, and do not use stealth features to bypass access restrictions or site policies.
Anyone or any agent with access to the configured environment variable could make screenshot API requests using the user's Allscreenshots account.
The skill requires an Allscreenshots API key, which grants access to the user's account or quota for that service. This is expected for the stated cloud API integration.
`requires":{"bins":["curl","jq"],"env":["ALLSCREENSHOTS_API_KEY"]},"primaryEnv":"ALLSCREENSHOTS_API_KEY"`Store the API key securely, rotate it if exposed, and use the least-privileged or usage-limited key available from the provider.
Screenshots and target URL information may be processed and stored by a third-party provider rather than staying local.
The recommended workflow returns a provider-hosted URL for the generated screenshot, meaning target URLs and page images are handled by the external Allscreenshots service.
`responseType`: `"url"` – JSON with a CDN link to the stored image
Do not capture sensitive, private, or internal pages unless you are comfortable sending the URL and screenshot content to Allscreenshots and receiving a hosted storage link.