← 返回 Skills 市场
Website ScreenshotOne (by ScreenshotOne)
作者
Dmytro Krasun
· GitHub ↗
· v1.0.0
· MIT-0
121
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install screenshotone-website-screenshot
功能描述
Use this skill when you need to take website screenshots with ScreenshotOne using direct curl commands, save the result to a local file, or choose Screenshot...
安全使用建议
This skill appears to do what it says (build curl calls to ScreenshotOne), but there are a few practical risks and inconsistencies to weigh before installing:
- The SKILL.md requires SCREENSHOTONE_ACCESS_KEY but the registry metadata does not declare any required env vars — confirm the skill owner and update metadata or refuse installation until the required credential is declared.
- The examples pass the access_key as a query parameter. Query parameters (and generated URLs) can be logged or appear in Referer headers; prefer using a secure header-based flow or at least be aware of leakage risk when using sensitive URLs or shared environments.
- The documented options include metadata_content and storage_* settings. If you enable metadata_content=true, the API can return page content (potentially sensitive). If you set storage_endpoint/storage_bucket, screenshots could be uploaded to arbitrary storage — ensure you control the destination.
- Because this is an instruction-only skill with allow_implicit_invocation enabled, an agent could call it automatically when relevant. If you are concerned about automatic captures of sensitive URLs, disable implicit invocation or only use the skill in sessions where you explicitly permit it.
What to do before installing: verify the skill owner (the registry owner id), insist the registry metadata be corrected to list SCREENSHOTONE_ACCESS_KEY as a required credential, and avoid using the skill with pages that contain sensitive data unless you control the ScreenshotOne account and any storage destinations. If you need more assurance, ask the publisher to change examples to use header-based auth or POST body auth to reduce URL leakage.
功能分析
Type: OpenClaw Skill
Name: website-screenshot
Version: 1.0.0
The skill bundle provides a legitimate tool for capturing website screenshots using the ScreenshotOne API via curl. It follows standard practices for API interaction, such as using environment variables for credentials and --data-urlencode for parameter safety. No evidence of data exfiltration, malicious execution, or prompt injection was found in SKILL.md or the supporting documentation.
能力评估
Purpose & Capability
The name/description and the SKILL.md consistently describe taking screenshots via ScreenshotOne and show the exact curl commands needed — that purpose matches the instructions. However, the registry metadata claims no required environment variables while the runtime instructions explicitly require SCREENSHOTONE_ACCESS_KEY, which is an inconsistency.
Instruction Scope
Instructions are narrowly focused on building curl requests to api.screenshotone.com and saving results locally. They also document options like metadata_content, scripts, and storage: these are legitimate ScreenshotOne features but can return page contents or upload results to configured storage if a user enables them. The SKILL.md recommends passing the access_key in a query parameter; note that sending credentials in URLs can leak via logs or referer headers.
Install Mechanism
There is no install spec and no code files — this is instruction-only, which minimizes installation risk. Nothing is downloaded or written by the skill itself.
Credentials
The skill's instructions require SCREENSHOTONE_ACCESS_KEY, but the registry lists no required env vars or primary credential. That mismatch is a material omission. Beyond the access_key, no other credentials are requested in instructions; however, several request parameters (storage_endpoint, proxy, authorization, metadata options) can be used to move or disclose captured content, so the single access key should be treated as sensitive.
Persistence & Privilege
always:false (default) — the skill does not request permanent inclusion. The included agents/openai.yaml sets allow_implicit_invocation: true, which permits the agent to call this skill implicitly when eligible; that is normal but worth noting because it allows the agent to invoke screenshot captures without an explicit user command if policy allows it.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install screenshotone-website-screenshot - 安装完成后,直接呼叫该 Skill 的名称或使用
/screenshotone-website-screenshot触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of screenshotone-website-screenshot skill.
- Enables taking website screenshots with ScreenshotOne using direct curl commands.
- Supports saving screenshots to a local file and customizing API options (e.g. full_page, viewport size, wait, cleanup, and output format).
- Includes usage overview, command templates, and concise option selection guidance.
- Relies on passing the access key via SCREENSHOTONE_ACCESS_KEY environment variable.
元数据
常见问题
Website ScreenshotOne (by ScreenshotOne) 是什么?
Use this skill when you need to take website screenshots with ScreenshotOne using direct curl commands, save the result to a local file, or choose Screenshot... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 121 次。
如何安装 Website ScreenshotOne (by ScreenshotOne)?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install screenshotone-website-screenshot」即可一键安装,无需额外配置。
Website ScreenshotOne (by ScreenshotOne) 是免费的吗?
是的,Website ScreenshotOne (by ScreenshotOne) 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Website ScreenshotOne (by ScreenshotOne) 支持哪些平台?
Website ScreenshotOne (by ScreenshotOne) 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Website ScreenshotOne (by ScreenshotOne)?
由 Dmytro Krasun(@krasun)开发并维护,当前版本 v1.0.0。
推荐 Skills