Screenshot Skill

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it captures screenshots locally, with optional file or base64 output, but users should treat screenshots as sensitive data.

Install only if you need local screenshot capture. Before using it, close or crop out private windows, prefer region capture over full-screen capture, delete saved screenshots when no longer needed, and send base64 screenshots to external APIs only after reviewing what is visible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill description is broad enough to trigger on ordinary requests about screenshots or screen content without clearly constraining consent, scope, or sensitivity checks. In a screenshot-capture skill, over-broad invocation is more dangerous because screenshots can expose passwords, private messages, tokens, and other highly sensitive on-screen data.

Missing User Warnings

High
Confidence: 97%
Finding
The documentation explicitly shows capturing the full screen and transmitting it to a vision API, but provides no warning that screenshots may contain secrets, personal data, credentials, or regulated information. Because this skill is specifically designed to exfiltrate visual desktop content to an external service, the absence of privacy and consent safeguards materially increases the risk of unauthorized data disclosure.

Missing User Warnings

Medium
Confidence: 93%
Finding
The example encourages automatic saving of step-by-step screenshots to disk without warning that persistent image files may retain sensitive data long after the session ends. In desktop automation contexts, this can create an untracked cache of confidential screens accessible to other users, processes, backups, or forensic recovery.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation explicitly promotes capturing screenshots and exporting them as base64 for direct inclusion in API requests, but provides no warning that screenshots can contain passwords, tokens, personal data, chats, or internal documents. In an agent skill context, this omission materially increases the risk of accidental sensitive-data collection and transmission to external services.

Missing User Warnings

Medium
Confidence: 90%
Finding
The CLI examples document saving screenshots to disk and printing base64 image data to stdout without any warning about persistence, shell history/logging, CI logs, or terminal capture. This can expose sensitive screen contents through files, console logs, or downstream tooling even when the operator does not intend long-term retention or broad disclosure.

Missing User Warnings

High
Confidence: 81%
Finding
The function explicitly frames base64 screenshot export as suitable for sending to an API, which increases the likelihood of sensitive screen contents being transmitted off-host without an explicit disclosure, consent check, or data-minimization control. In a screenshot-capture skill, this context makes the issue more dangerous because the intended use includes handing captured screen data to downstream AI or external services.

VirusTotal

66/66 vendors flagged this skill as clean.
