ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Webpage Screenshot

打开指定网页并截图为图片文件。在用户要求对某 URL 截图、保存网页为图片、或需要网页快照时使用。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.5k · 4 current installs · 5 all-time installs
by@Malenconiaprincep
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (webpage screenshots) matches the instructions (npm script or MCP browser). However the skill metadata claims no required binaries or env vars while the SKILL.md plainly requires npm/npx and Playwright (a browser). That undeclared dependency is an inconsistency.
!
Instruction Scope
SKILL.md tells the agent to run a project-provided npm script (npm run screenshot) and to run 'npx playwright install chromium'. Running an arbitrary project script can execute any code in the repository and access local files; the instructions do not constrain or validate the script, nor do they warn about sandboxing. The MCP browser option is lower-risk but only provides snapshots, not files.
Install Mechanism
There is no install spec in the skill bundle, but the instructions require running 'npm install' and 'npx playwright install chromium' which will download packages and browser binaries from external registries. That is a moderate risk because it pulls code/binaries at runtime without being declared in metadata or audited by the registry.
Credentials
The skill does not request any environment variables, credentials, or config paths. There are no explicit credential requests inconsistent with the stated purpose.
Persistence & Privilege
always is false and there is no installation step that persists or modifies other skills or system-wide settings. The skill does not request elevated persistence privileges.
What to consider before installing
This skill can do what it says (take webpage screenshots) but its instructions expect you to run a project npm script and to install Playwright via npx — actions that will download and execute code. Before installing or invoking: 1) confirm the repository/script you will run (inspect package.json and the screenshot script) because npm scripts can run arbitrary commands; 2) prefer the MCP/browser snapshot mode if you only need a quick preview and want to avoid installing packages; 3) run npm/npx steps in a sandboxed environment (container/VM) if you must install Playwright; 4) ask the publisher for an explicit install spec or a self-contained script (or a known CLI dependency) so you can review what will be executed. If you cannot inspect the script or do not trust the project source, do not run the npm-based method.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk975nsmqkh2k8b2f4ge0y9gyax8116ba

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

网页截图

何时使用

  • 用户给出一个 URL,要求「打开并截图」或「保存网页为图片」
  • 需要网页快照、页面留档或可视化结果时

方式一:运行项目脚本(推荐,得到文件)

使用项目内 TypeScript 脚本,可保存为本地图片文件:

# 在项目根目录执行
npm run screenshot -- <URL> [输出路径]

示例:

npm run screenshot -- https://example.com
# 默认保存为 ./screenshot.png

npm run screenshot -- https://example.com ./output/page.png

前置条件:已执行 npm install 且已安装浏览器:npx playwright install chromium

方式二:使用 MCP 浏览器

若仅需在对话中「看到」页面内容而不必保存为文件,可使用 Cursor 的 browser MCP:

  1. browser_navigate 打开目标 URL
  2. browser_snapshot 获取页面结构(相当于当前状态的“快照”信息)

注意:MCP 浏览器不直接生成截图文件,适合快速查看与交互。

输出

  • 脚本方式:在指定路径生成 PNG 截图(默认 screenshot.png)。
  • 截图为整页(含滚动区域),视口宽度默认 1280px。

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…