ClawHub

Website Screenshot (By ScreenshotOne)

v1.0.1

Use this skill when you need to take website screenshots with ScreenshotOne using direct curl commands, save the result to a local file, or choose Screenshot...

0· 75·0 current·0 all-time
by@screenshotone
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the actual requirements: curl and an access key (SCREENSHOTONE_ACCESS_KEY) are exactly what a direct HTTP-based screenshot skill needs. No unrelated binaries or secrets are requested.
Instruction Scope
SKILL.md contains concrete curl templates and stays within the stated purpose. However, the included options reference powerful parameters (cookies, authorization, scripts, proxy, storage) that—if used—can cause you to send sensitive data or upload results to remote storage; the skill itself does not instruct the agent to read other files or env vars, but users/agents could include other secrets in requests if careless.
Install Mechanism
Instruction-only skill with no install spec and no files that execute code. This is the lowest-risk install model.
Credentials
Only one environment variable (SCREENSHOTONE_ACCESS_KEY) is required and declared as the primary credential. That is proportionate for an API-key-based screenshot service. The key is sensitive and should be treated as such.
Persistence & Privilege
Skill is not always-enabled and does not request persistence or modify other skills or system settings. Autonomous invocation is allowed by default but is not combined here with broad credential or system access.
Assessment
This skill appears to do what it claims: use curl plus your ScreenshotOne access key to take screenshots. Before installing or using it: (1) Only provide your SCREENSHOTONE_ACCESS_KEY if you trust screenshotone.com and the key's scope; treat the key like any API secret and rotate it if exposed. (2) Be careful when using options that include cookies, authorization headers, scripts, or storage (store=true/storage_endpoint) — those can cause sensitive site data or screenshots to be sent/stored externally. (3) Do not paste other secrets into the command (cookies, tokens, or headers) unless you intend those to be transmitted to the ScreenshotOne API. (4) If you need screenshots of sensitive sites, review ScreenshotOne's documentation about storage and retention. Overall the skill is coherent and low-risk, but use caution with parameters that can leak data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e2s7srtzt6r3f1bn3ex6p4s84gm1c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📸 Clawdis
Binscurl
EnvSCREENSHOTONE_ACCESS_KEY
Primary envSCREENSHOTONE_ACCESS_KEY

Comments