Screenshot Skill

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A screenshot may include passwords, messages, documents, or other private information visible on the desktop.

Why it was flagged

The code can capture the screen and either save an image file or return a base64-encoded screenshot. This matches the skill purpose, but it is a sensitive local capability that should be user-directed.

Skill content

def capture_to_file(... filepath: str | Path = "screenshot.png" ...) ... img.save(str(filepath)) ... def capture_to_base64(...) -> str:

Recommendation

Use the skill only when you intend to capture the screen, and prefer a specific region when full-screen capture is unnecessary.

What this means

If used with an external vision API, whatever is visible in the screenshot may be shared outside the local machine.

Why it was flagged

The documentation shows a user-directed example of sending a captured screenshot to an OpenAI vision API. This is disclosed and purpose-aligned, but it can transmit sensitive screen content to an external provider.

Skill content

b64 = sc.capture_to_base64(fmt="JPEG", quality=85) ... client.chat.completions.create(... {"type": "image_url", "image_url": {"url": f"data:image/jpeg;base64,{b64}"

Recommendation

Review the screenshot contents before sending to any external API and avoid capturing sensitive windows unless necessary.

What this means

Installing packages adds third-party code to the local environment.

Why it was flagged

The skill relies on installing external Python packages. These dependencies are expected for screenshot capture and are not suspicious here, but users should install them from trusted sources.

Skill content

uv add mss pillow
# or
pip install mss pillow

Recommendation

Install dependencies from trusted package indexes and consider pinning versions in controlled environments.