Back to skill

Security audit

Windows Screenshot

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Windows screenshot skill that saves local PNG files, with normal screenshot privacy risks but no hidden or unrelated behavior found.

Install only if you want a local screenshot tool. Hide sensitive windows before running it, review and delete saved PNGs under the configured media directory when needed, and use the Telegram example only when you intentionally want to send a screenshot externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README advertises screenshot capture and automatic creation of an output directory, but it does not clearly warn users that the tool will capture potentially sensitive on-screen information and write it to disk. In a screenshot utility, this omission is security-relevant because users may run it in sensitive contexts without understanding the privacy and data-retention implications.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script captures the user's screen and writes the image to disk without any notice, consent, or confirmation. In an agent skill context, this is sensitive because screenshots can expose credentials, personal data, messages, and other confidential on-screen content, enabling privacy violations or data exfiltration.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.