Webpage Screenshot New

Security checks across malware telemetry and agentic risk

Overview

This is a simple webpage screenshot helper, with the main caution that screenshots can capture sensitive page content if the user points it at private sites.

Install only if you are comfortable adding Puppeteer from npm and running browser automation. Use trusted URLs, avoid capturing private dashboards or account pages unless intended, choose screenshot output locations deliberately, and review or correct the sample code before running it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly instructs taking screenshots of arbitrary webpages but provides no warning about capturing personal, confidential, or otherwise sensitive information that may be visible in the page. In an automation context, this can lead to unintended collection and storage of credentials, account data, internal dashboards, or regulated data from user-supplied URLs.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal