Trust Assessment
snap received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Data Exfiltration via `cookies` and `headers` parameters, Data Exfiltration via screenshot content.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Data Exfiltration via `cookies` and `headers` parameters The skill's `screenshot` API allows the agent to specify arbitrary `cookies` and `headers` to be sent with the request to the target URL being screenshotted. An attacker could craft a prompt to trick the agent into including sensitive cookies (e.g., session tokens for other services) or authorization headers (e.g., API keys, bearer tokens) in these parameters. This would result in the exfiltration of these credentials or sensitive session data to the external `snap.llm.kaveenk.com` service. 1. **Restrict or sanitize `cookies` and `headers`:** If possible, limit the types of cookies/headers that can be set, or disallow them entirely for untrusted input. Implement strict input validation and sanitization to prevent sensitive information from being passed. 2. **Agent-side filtering:** The LLM agent itself should be explicitly instructed to filter or redact sensitive information from user-provided `cookies` or `headers` before calling the skill. 3. **User awareness:** Clearly warn users about the risks of providing sensitive information via these parameters. | LLM | SKILL.md:50 | |
| MEDIUM | Data Exfiltration via screenshot content The skill's primary function is to take screenshots of arbitrary URLs provided by the agent. If an agent is prompted to screenshot a URL that contains sensitive information (e.g., a local web server serving private data, or a page displaying user PII), that information will be captured in the screenshot and sent to the external `snap.llm.kaveenk.com` service. This constitutes a risk of sensitive data being exfiltrated to a third-party service. 1. **Agent-side URL validation:** The LLM agent should implement robust validation of URLs to prevent access to internal networks, file system paths, or known sensitive domains. 2. **User awareness:** Inform users about the implications of providing URLs that might contain sensitive data and the fact that the screenshot content is processed by a third-party service. 3. **Service-side safeguards:** The `snap.llm.kaveenk.com` service should implement measures to prevent access to private IP ranges or sensitive internal resources. | LLM | SKILL.md:37 |
Scan History
Embed Code
[](https://skillshield.io/report/639023e4c1b82b40)
Powered by SkillShield