Back to skill
Skillv1.0.0
ClawScan security
super-screenshot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 10, 2026, 6:34 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions and requirements align with its stated purpose (taking robust screenshots); it is instruction-only, asks for no credentials, and does not perform unexpected actions.
- Guidance
- This skill is a set of runtime instructions for taking reliable screenshots and appears coherent. Before installing/using: ensure the OS-specific tools (screencapture, xcrun, grim/slurp, scrot, Playwright, etc.) you plan to use are installed on the agent host, and confirm the agent is allowed to run those native commands. The skill does not ask for credentials, but be mindful when capturing images: mask or avoid sensitive data before saving or sharing screenshots. If you allow autonomous invocation for this skill, note it may run capture commands when triggered — that’s expected but ensure your agent policies permit screen-capture operations on the host.
Review Dimensions
- Purpose & Capability
- noteThe SKILL.md describes taking screenshots across OSes and tooling (screencapture, xcrun, grim/slurp, scrot, nircmd, Playwright, Pillow, etc.), which is coherent with the skill's purpose. Minor note: the registry metadata declares no required binaries or install steps even though the instructions reference many external tools — this is reasonable for an instruction-only skill but means the agent or user must ensure those tools are available manually.
- Instruction Scope
- okInstructions focus on choosing capture tools, stabilizing state, masking secrets, formats, and CI best practices. They do not instruct reading arbitrary host files, exfiltrating data, or contacting unrelated endpoints. Guidance to 'mask or avoid secrets' is prudent and does not itself cause data leakage.
- Install Mechanism
- okNo install spec and no code files — lowest-risk delivery model. No downloads or archive extraction are present.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. The external tools referenced are appropriate for screenshot tasks and do not imply disproportionate credential access.
- Persistence & Privilege
- okalways is false and model invocation is allowed (the platform default). The skill does not request persistent system presence or modify other skills' configs.