Back to skill

Security audit

terminal-screenshots

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill is coherent for creating terminal screenshots with VHS, though users should review generated tape commands before running them.

Install only if you are comfortable with VHS scripts running shell commands and writing media files. Review every .tape file before execution, especially Hide sections, avoid recording terminals that show secrets, and replace cleanup commands with clearly scoped disposable paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The example includes a hidden cleanup step that runs `rm temp-files`, which performs file deletion outside the core purpose of creating screenshots/recordings. Because it is both destructive and hidden from the rendered output, users may copy the pattern without realizing it can remove files, increasing the risk of accidental data loss.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README states that the agent will automatically use this skill for creating terminal screenshots or recordings, but it does not define clear boundaries, approval requirements, or environmental constraints. In an agent framework, broad auto-invocation can cause the skill to run in response to common requests and may lead to unintended command execution, file creation, or tool installation attempts without sufficiently explicit user consent.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The README includes examples that generate output files and run a Docker command with a bind mount, but it does not warn that these actions modify the filesystem or expose the current working directory to the container. In an agent context, omission of these effects can lead to unintended writes or broader-than-expected access to local files when the skill is followed automatically.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation demonstrates hiding a cleanup command that deletes files, which can normalize concealing destructive actions in terminal automation. Hidden destructive steps are especially risky in a skill meant for reproducible demos because users may adopt the pattern in real environments and delete unintended files without noticing.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.