Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Windows Printing
v0.1.0在 Windows 上列出可用打印机并执行本地文件打印,支持让用户从可用打印机中选择,并配置黑白/彩色、份数、单面/双面、沿长边翻转、沿短边翻转、纸张大小。用户提到“打印”“打印机”“单面/双面”“长边翻转”“短边翻转”“A4”“黑白/彩色”“打印 PDF/文档/图片”时使用。
⭐ 0· 68·1 current·1 all-time
byFue Tsui@fuetsui
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name/description (Windows printing) align with the instructions: listing printers, resolving local files, and printing with configurable options. However, the instructions rely on scripts under <skill-dir>/scripts (resolve_file.ps1, list_printers.ps1, print_file.ps1) which are not included in the package. That omission is a significant inconsistency: the skill either is incomplete or expects external scripts from an unknown source.
Instruction Scope
The SKILL.md instructs the agent to search user folders (Desktop, Documents, Downloads) for fuzzy filenames and to run PowerShell scripts that may modify printer configuration (Set-PrintConfiguration). Searching these user directories and changing printer settings are within a printing skill's scope but are sensitive operations. The instructions also use 'ExecutionPolicy Bypass' to run scripts, which increases risk if the scripts are malicious or come from an untrusted location. The document does not instruct sending data to any external endpoint, but it does allow reading local file paths and script outputs (receipts).
Install Mechanism
There is no install spec (instruction-only), which is low risk in itself. But because the runtime explicitly calls scripts located at <skill-dir>/scripts/*.ps1 and those scripts are not present in the package, it's unclear where or how those scripts will be obtained. If the missing scripts are fetched automatically at runtime from an external source, that would be high risk. As-is the package is incomplete and would fail or prompt fetching code from unknown places.
Credentials
The skill requests no environment variables or external credentials, which is proportionate to a local printing task. It does require access to the user's local filesystem (to resolve files) and to the Windows print subsystem (to list printers and change configuration), which are expected for this purpose but are sensitive and worth explicit user consent.
Persistence & Privilege
always is false and model invocation is allowed (normal). The scripts can modify printer settings (Set-PrintConfiguration) and attempt to restore them; modifying printer config is a privileged action relative to user expectations but is coherent with printing. There is no indication the skill persists permanently or changes other skills' configs.
What to consider before installing
This skill appears to do what it says (list printers, pick files, print with options), but there are two important issues to resolve before installing: (1) The SKILL.md expects three PowerShell scripts in <skill-dir>/scripts/ but those scripts are not included. Ask the publisher for the actual scripts and review them line-by-line before running. (2) The runtime will search your Desktop/Documents/Downloads and run PowerShell with ExecutionPolicy Bypass and will call Set-PrintConfiguration (which changes printer settings). Only install if you trust the script sources and are comfortable allowing the agent to read those folders and change printer settings. If you proceed, require an explicit confirmation step before any actual print job and consider testing in a controlled environment (or asking the author to bundle the scripts and provide their source/homepage).Like a lobster shell, security has layers — review code before you run it.
latestvk976y8hs40sb4s9fmbtj03n8xn840d2n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.