mac-node-snapshot

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Mac screenshot helper, but users should remember that screenshots can include sensitive visible information.

Install only if you want an agent to capture your Mac screen on request. Before using it, hide sensitive windows or messages, grant Screen Recording intentionally, and install ffmpeg only from a trusted source if prompted.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger phrases are broad enough to activate on common screenshot-related requests without signaling any privacy-sensitive behavior or requiring an explicit confirmation step. Because this skill captures the user's screen, broad invocation increases the chance of collecting sensitive on-screen data such as passwords, messages, or confidential documents when a user did not fully appreciate the privacy implications.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill describes how to capture and return a screenshot but does not warn that the image may contain highly sensitive information visible on screen, including credentials, personal communications, or proprietary data. In a screen-capture skill, the absence of a clear warning meaningfully increases the risk of unintended data exposure because users may not realize the full scope of what will be collected and attached.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal