Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Rendshot

v1.0.0

Image generation and screenshot tool using Rendshot. Use when the user asks to generate images from HTML/CSS, take website screenshots, render templates to i...

by Martian@zoohero500
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (image generation, HTML→image, screenshots, templates) match the SKILL.md and reference docs. The provided MCP tool names and API/CLI/SDK examples are coherent with the stated purpose. Minor inconsistency: the docs show use of an API key (RENDSHOT_API_KEY) and external endpoints, but the skill metadata lists no required environment variables or primary credential.
Instruction Scope
Runtime instructions explicitly instruct sending HTML, screenshots of arbitrary URLs, and templates to an external service (api.rendshot.com). That behavior is consistent with the feature set, but it means user-provided or internal URLs and HTML will be transmitted off-host. The SKILL.md does not instruct reading local files or unrelated system state, which is good, but the broad permission to screenshot arbitrary URLs is a potential SSRF/data-exfil problem if not limited or consented to.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest installation risk. The references include example install commands (npm, pip) for the external Rendshot SDK/CLI, but the skill itself does not install anything.
Credentials
The included references and examples expect an API key (RENDSHOT_API_KEY / Authorization: Bearer rs_live_xxx) to authenticate to api.rendshot.com, but the skill metadata declares no required env vars or primary credential. Requiring a service API key is reasonable for this purpose, but the omission in metadata is an inconsistency that should be fixed. Also, providing that API key to this skill would grant it the ability to send arbitrary page content and templates to the external service — verify that is acceptable before supplying keys.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence. It does not declare any actions that modify other skills or system-wide configuration. Autonomous invocation is allowed by default but not combined here with any other high privilege indicators.
Scan Findings in Context
[mentions_RENDSHOT_API_KEY] expected: The reference docs and curl/SDK examples use RENDSHOT_API_KEY or a Bearer token for authentication. This is expected for a hosted rendering API, but the skill metadata does not declare this env var as required — an inconsistency to address.
[external_api_endpoint_api.rendshot.com] expected: The docs point to https://api.rendshot.com (with an option for self-hosting). Calling an external service is expected for this functionality, but it implies user data (HTML, page content, screenshots) will be transmitted externally.
[cli_sdk_install_examples] expected: Examples reference npm/pip packages and CLI auth. These are reasonable usage docs but are not part of the skill's install spec; the skill itself does not install these.
[no_metadata_env_declared] unexpected: The SKILL.md and references expect an API key, but the skill's declared required env vars are empty. This mismatch is not expected and should be corrected.
What to consider before installing
This skill appears to do what it says (render HTML to images and take screenshots), but it relies on an external Rendshot service. Before installing or enabling it:
(1) Confirm where the agent will send HTML and screenshots (api.rendshot.com or a self-hosted endpoint) and review that service's privacy policy;
(2) do not provide an API key to the skill unless you trust the service — supplying RENDSHOT_API_KEY would allow the skill to transmit arbitrary page content and images;
(3) avoid asking the skill to screenshot internal/private URLs or sensitive pages unless you control or self-host the service;
(4) ask the skill author to correct the metadata so the required RENDSHOT_API_KEY is declared in requires.env (so it's clear what credentials are needed), and to document where keys are stored and whether the skill retains copies of rendered content;
(5) if you need stricter safety, prefer a self-hosted Rendshot endpoint or a local rendering tool to avoid sending sensitive content off-host.
