Screenshot Skill

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: screenshot-skill
Version: 1.0.1

The OpenClaw AgentSkills skill bundle provides a legitimate screenshot capture utility using `mss` and `Pillow`. The `scripts/screenshot.py` code correctly implements screen capture, saving to files, and base64 encoding without any signs of malicious activity. Input validation for CLI arguments (e.g., `--region` parsing) is robust. The `SKILL.md` and `reference.md` documentation clearly describe the skill's purpose and usage, with no evidence of prompt injection attempts or instructions for unauthorized actions. There are no network calls initiated by the script, no attempts to exfiltrate data, establish persistence, or execute arbitrary commands.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A screenshot may include passwords, messages, documents, or other private information visible on the desktop.

Why it was flagged

The code can capture the screen and either save an image file or return a base64-encoded screenshot. This matches the skill purpose, but it is a sensitive local capability that should be user-directed.

Skill content

def capture_to_file(... filepath: str | Path = "screenshot.png" ...) ... img.save(str(filepath)) ... def capture_to_base64(...) -> str:

Recommendation

Use the skill only when you intend to capture the screen, and prefer a specific region when full-screen capture is unnecessary.

What this means

If used with an external vision API, whatever is visible in the screenshot may be shared outside the local machine.

Why it was flagged

The documentation shows a user-directed example of sending a captured screenshot to an OpenAI vision API. This is disclosed and purpose-aligned, but it can transmit sensitive screen content to an external provider.

Skill content

b64 = sc.capture_to_base64(fmt="JPEG", quality=85) ... client.chat.completions.create(... {"type": "image_url", "image_url": {"url": f"data:image/jpeg;base64,{b64}"

Recommendation

Review the screenshot contents before sending to any external API and avoid capturing sensitive windows unless necessary.

What this means

Installing packages adds third-party code to the local environment.

Why it was flagged

The skill relies on installing external Python packages. These dependencies are expected for screenshot capture and are not suspicious here, but users should install them from trusted sources.

Skill content

uv add mss pillow
# or
pip install mss pillow

Recommendation

Install dependencies from trusted package indexes and consider pinning versions in controlled environments.