SnapRender

Security checks across malware telemetry and agentic risk

Overview

SnapRender is a coherent screenshot-rendering skill, but users should remember that URLs, HTML, Markdown, and signed screenshot links are sent to an external service.

Install only if you are comfortable using SnapRender as a third-party screenshot service. Use it for public or non-sensitive pages by default, redact private HTML or Markdown before rendering, and create signed URLs only when you intend anyone with the link to view the result until it expires.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (8)

Description-Behavior Mismatch

Low

Confidence: 81% confidence
Finding: The skill exposes a signed-URL sharing capability that is not mentioned in the main description, which can cause users to underestimate the data-sharing risk. Because the generated link is accessible without an API key until expiry, omitted disclosure can lead to unintended public exposure of captured content.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill repeatedly instructs users to send arbitrary URLs, HTML, and Markdown to a third-party service, but does not warn that page contents, embedded secrets, internal URLs, or sensitive documents may be transmitted off-platform. In an agent context, this raises meaningful privacy and data-handling risk because users may assume the action is local or low-risk.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The signed-URL feature creates links that can be accessed by anyone without an API key, but the documentation frames them as convenient sharing artifacts without a strong warning about public accessibility. This can result in accidental disclosure of screenshots containing sensitive or proprietary information.

External Transmission

Medium

Category: Data Exfiltration
Content: ```bash jq -n --arg url 'TARGET_URL' \ '{url: $url, response_type: "json", format: "jpeg", quality: 60, block_ads: true, block_cookie_banners: true}' \ | curl -s -X POST "https://app.snap-render.com/v1/screenshot" \ -H "X-API-Key: $SNAPRENDER_API_KEY" \ -H "Content-Type: application/json" \ -d @- \
Confidence: 92% confidence
Finding: curl -s -X POST "https://app.snap-render.com/v1/screenshot" \ -H "X-API-Key: $SNAPRENDER_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium

Category: Data Exfiltration
Content: # HTML jq -n --arg html '<html><body><h1>Hello</h1><p>World</p></body></html>' \ '{html: $html, format: "jpeg", quality: 60, response_type: "json"}' \ | curl -s -X POST "https://app.snap-render.com/v1/screenshot" \ -H "X-API-Key: $SNAPRENDER_API_KEY" \ -H "Content-Type: application/json" \ -d @- \
Confidence: 97% confidence
Finding: curl -s -X POST "https://app.snap-render.com/v1/screenshot" \ -H "X-API-Key: $SNAPRENDER_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium

Category: Data Exfiltration
Content: # Markdown jq -n --arg md '# Hello World\n\nThis is **bold** text.' \ '{markdown: $md, format: "jpeg", quality: 60, response_type: "json"}' \ | curl -s -X POST "https://app.snap-render.com/v1/screenshot" \ -H "X-API-Key: $SNAPRENDER_API_KEY" \ -H "Content-Type: application/json" \ -d @- \
Confidence: 97% confidence
Finding: curl -s -X POST "https://app.snap-render.com/v1/screenshot" \ -H "X-API-Key: $SNAPRENDER_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium

Category: Data Exfiltration
Content: ```bash jq -n --arg url 'TARGET_URL' \ '{url: $url, expires_in: 86400}' \ | curl -s -X POST "https://app.snap-render.com/v1/screenshot/sign" \ -H "X-API-Key: $SNAPRENDER_API_KEY" \ -H "Content-Type: application/json" \ -d @- \
Confidence: 95% confidence
Finding: curl -s -X POST "https://app.snap-render.com/v1/screenshot/sign" \ -H "X-API-Key: $SNAPRENDER_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium

Category: Data Exfiltration
Content: **Desktop screenshot of stripe.com:** ```bash jq -n --arg url 'https://stripe.com' '{url: $url, response_type: "json", format: "jpeg", quality: 60, block_ads: true, block_cookie_banners: true}' | curl -s -X POST "https://app.snap-render.com/v1/screenshot" -H "X-API-Key: $SNAPRENDER_API_KEY" -H "Content-Type: application/json" -d @- | tee /tmp/snap_response.json | jq -r '.image' | sed 's|data:image/[^;]*;base64,||' | base64 -d > /tmp/screenshot.jpg && jq '{url, format, size, cache, responseTime, remainingCredits}' /tmp/snap_response.json ``` **Mobile screenshot:** add `device: "iphone_15_pro"` to the jq object
Confidence: 90% confidence
Finding: curl -s -X POST "https://app.snap-render.com/v1/screenshot" -H "X-API-Key: $SNAPRENDER_API_KEY" -H "Content-Type: application/json" -d

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal