Is kav-k/snap safe?

https://github.com/openclaw/skills/tree/main/skills/kav-k/snap

87
SAFE

This skill provides documentation for a screenshot-as-a-service API that appears legitimate and well-documented. The main risk is the inherent privacy consideration of sending URLs to an external service for screenshot generation.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (2)

MEDIUM External Screenshot Service Dependency -25

The skill provides access to an external screenshot service at 'https://snap.llm.kaveenk.com'. Users will send URLs (which may contain sensitive or internal information) to this third-party service for screenshot generation. This creates a potential privacy risk if the external service logs URLs or screenshot content.

LOW Third-party Service Trust Requirement -30

The skill requires trusting an external service provider with potentially sensitive screenshot content. While the service appears legitimate with proper rate limiting and documentation, users must trust the service provider's data handling practices.