v1.0.0

Screengrab

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:38 AM.

Analysis

Screengrab is a straightforward macOS screenshot helper, but its unbounded watch mode can keep capturing sensitive screen contents until stopped.

Guidance: Install only if you are comfortable letting the agent capture your current Mac screen. Prefer one-time snapshots, avoid watch mode unless necessary, use --count when watching, close sensitive windows first, and delete saved screenshots from /tmp or custom folders when done.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Concern
scripts/screengrab.py
watch_p.add_argument('--count', type=int, default=None) ... while count is None or i < count: ... snap(...); ... time.sleep(interval)

The periodic screenshot mode has no default maximum count and loops indefinitely when count is not provided, which can continuously capture sensitive screen contents and create many files.

User impact: If watch mode is started by the agent, it may keep taking screenshots of everything visible on the Mac until manually stopped.
Recommendation: Require explicit user approval for watch mode, make a finite count or duration the default, enforce a minimum interval, and clearly warn users before continuous capture starts.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
SKILL.md
- macOS only (`/usr/sbin/screencapture`)
- Script: `scripts/screengrab.py`

The skill text and code require macOS screenshot utilities, while the registry metadata lists no OS restriction and no required binaries, leaving the package contract under-declared.

User impact: Users on unsupported systems may install a skill that cannot work, and metadata does not fully reflect the local screen-capture capability.
Recommendation: Declare the macOS OS restriction and required local binaries/capabilities in metadata so users understand the platform and screen-access requirements before installation.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium, Confidence: High, Status: Note
SKILL.md
path=$(python3 scripts/screengrab.py snap --quiet)
# Then pass $path to image analysis

The suggested workflow moves the screenshot into a separate image-analysis component, which may expose sensitive visible screen contents depending on that tool's privacy boundary.

User impact: Whatever is on screen could be included in the screenshot and shared with the image-analysis tool the agent uses.
Recommendation: Treat screenshots as sensitive data, close or hide private windows before use, and confirm whether the image-analysis tool is local or external before sending screenshots.