AppScreenshotStudio

Advisory

Audited by VirusTotal on Mar 24, 2026.

Overview

Type: OpenClaw Skill
Name: appscreenshotstudio
Version: 1.0.1

The skill is designed to automate the creation of App Store and Play Store screenshots by analyzing project metadata and source code (e.g., README.md, package.json, and UI components) to extract branding and feature context. It interacts with a legitimate-appearing external API (appscreenshotstudio.com) via curl to process this data and generate image assets. The file access and network activity are explicitly documented and strictly aligned with the stated purpose of the tool, with no evidence of unauthorized data access, persistence mechanisms, or malicious execution.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may create remote screenshot projects and spend AppScreenshotStudio credits when the user proceeds with generation.

Why it was flagged

The skill instructs the agent to make external API POST requests that create projects and generate screenshot sets. This is central to the stated purpose and is preceded by a user confirmation step.

Skill content
curl -s -X POST https://appscreenshotstudio.com/api/v1/projects
...
curl -s -X POST "https://appscreenshotstudio.com/api/v1/projects/$PROJECT_ID/chat"
Recommendation

Confirm the requested screenshot details before generation, and be aware that each chat generation may consume credits.

What this means

Anyone with the API key could potentially use the connected AppScreenshotStudio account or consume credits.

Why it was flagged

The skill requires an API key associated with a paid or credit-bearing account. This is expected for the integrated service and is clearly disclosed.

Skill content
Requires `APPSCREENSHOTSTUDIO_API_KEY` in your environment. Get a key at https://appscreenshotstudio.com/settings (requires an account with credits).
Recommendation

Store the API key securely, do not paste it into prompts or shared files, and revoke or rotate it if exposed.

What this means

Summaries of app features, screens, branding, audience, and positioning may be shared with AppScreenshotStudio’s backend.

Why it was flagged

The workflow sends summarized codebase and product context to an external API, which is necessary for the service but means selected project information leaves the local environment.

Skill content
"codebase_context": { "readme_summary": "...", "key_screens": ["..."], "color_tokens": {"primary": "#hex"}, "target_audience": "..." }
Recommendation

Review the context before sending it and exclude secrets, private customer data, unreleased strategic information, or anything not needed for screenshot generation.