ClawHub

Convert Any Screenshot

Security checks across malware telemetry and agentic risk

Overview

The package does not appear malicious, but its advertised screenshot-to-code purpose conflicts with broad generic conversion instructions and unclear write/API-key documentation.

Review carefully before installing. The files do not show exfiltration, destructive actions, or persistence, but the skill should be revised so its instructions, README, credential claims, and modes all match the screenshot-to-code purpose and clearly state whether any local files can be modified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The substantive documentation describes a generic format-conversion tool rather than the declared screenshot-to-code skill. This creates security-relevant ambiguity about expected inputs, processing steps, and outputs, increasing the chance that an agent will route sensitive or unrelated content into the skill under false assumptions.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The in-file intent text directly contradicts the manifest by presenting the skill as a general data-transformation utility. Such contradictory guidance is dangerous because agents often rely on embedded instructions for execution behavior, so this can override user expectations and lead to processing the wrong classes of data.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The file defines a full test runner but then replaces the effective _main entrypoint with a stub that calls an undefined function, preventing the advertised tests from running. This can silently disable validation and allow malformed or policy-violating skill content to pass review if maintainers assume the auto-generated suite is active.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
Documenting a write mode without warning about file or data modification can lead users to invoke the skill in ways that overwrite local files or alter inputs unexpectedly. In an agent context, unclear write semantics increase the chance of unsafe automation, especially if users assume the operation is read-only or non-destructive.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The activation description is broad enough to match many unrelated transformation requests, which can cause accidental invocation outside the intended screenshot-to-code scenario. Overbroad routing increases exposure to unexpected inputs and compounds the confusion created by the mismatched documentation.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal