wsl-screenshot

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it captures a Windows primary-screen screenshot from WSL, but users should review screenshots before sharing them.

Install only if you intentionally want a WSL helper that can capture your full Windows primary screen. Before sharing any screenshot, check it for passwords, private documents, notifications, or other sensitive information, and update the hard-coded C:\Users\97027\Pictures path if that is not your Windows profile.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 87%
Finding
The manifest description is broadly phrased enough to trigger on routine screenshot-related requests in WSL, without clearly limiting when capture is appropriate or requiring explicit confirmation. Because screenshots can contain sensitive on-screen data, over-broad activation increases the chance the skill is invoked in contexts where the user did not intend screen capture or data exfiltration.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs the agent to capture a screenshot and send it to the user without any privacy warning or confirmation step, even though screenshots may include passwords, messages, tokens, confidential documents, or unrelated applications. In this context, the ability to capture the Windows primary screen from WSL makes the issue more dangerous because it crosses environment boundaries and can expose far more than the user may expect.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script captures the entire primary screen immediately when run, with no interactive confirmation, preview, scope restriction, or warning that sensitive on-screen information may be collected. In a WSL helper skill, this is especially risky because it bridges into Windows and can silently capture passwords, messages, tokens, or other confidential desktop content unrelated to the user's immediate task.

VirusTotal

63/63 vendors flagged this skill as clean.
