ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sshot

v1.0.0

Take full screen screenshot using PowerShell

0· 185·0 current·0 all-time
by@alenzhu72

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for alenzhu72/sshot.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Sshot" (alenzhu72/sshot) from ClawHub.
Skill page: https://clawhub.ai/alenzhu72/sshot
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sshot

ClawHub CLI

Package manager switcher

npx clawhub@latest install sshot
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The stated purpose (take a full-screen screenshot) is plausible, but the instructions hard-code execution of C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1 on a node named 'My Windows Node'. Requiring a user-specific script and node name is not proportional to the simple described capability and suggests the skill depends on an external, opaque script rather than providing a self-contained implementation.
!
Instruction Scope
The SKILL.md tells the agent to run PowerShell with -ExecutionPolicy Bypass to execute an external .ps1 file in a user's home directory and to return stdout. That grants the executed script full freedom to perform arbitrary actions (file reads, network access, credential use) and to emit arbitrary data via stdout. The instructions do not include or validate the script contents, do not fall back if the script is missing, and assume a specific node name/path that may not exist.
Install Mechanism
This is an instruction-only skill with no install spec or bundled code, which minimizes written artifacts. However, because it delegates to a local script that is not included, the skill relies on out-of-band installation of potentially untrusted code.
!
Credentials
No environment variables or credentials are declared, but the skill expects access to a specific file under C:\Users\AlenZhu. Hard-coding another user's home path is disproportionate and opaque. The use of PowerShell -ExecutionPolicy Bypass increases risk because it disables execution restrictions that might otherwise limit harmful scripts.
Persistence & Privilege
The skill does not request persistent 'always' inclusion or system-wide configuration changes. It only instructs a one-time command execution on a specified node. That said, runtime execution of an arbitrary PowerShell script can still have high-privilege effects on the target system depending on the node's permissions.
What to consider before installing
This skill delegates work to an external PowerShell script located at C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1 and runs PowerShell with -ExecutionPolicy Bypass. That combination allows the script to do anything the account can do (read files, access network, exfiltrate data). If you do not control or trust that script, do not install or run this skill. Safer options: 1) Ask the author to include the screenshot PowerShell code directly in the skill or provide the exact contents of sshot.ps1 for review. 2) Make the script path and node configurable instead of hard-coded. 3) Run the skill in a sandbox/VM first or inspect the referenced PS1 file before granting execution rights. 4) If you need only screenshots, prefer a skill that uses explicit, minimal inline commands (no ExecutionPolicy Bypass) or a well-known, reviewed helper binary.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📷 Clawdis
OSWindows
latestvk978qq3henaa254kwcc3x438an833p7q
185downloads
0stars
1versions
Updated 22h ago
v1.0.0
MIT-0
Windows
@alenzhu72
latest
Download

When the user types /sshot, take a full screen screenshot.

Use system.run on node My Windows Node.

Execute:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File "C:\Users\AlenZhu.openclaw\scripts\sshot.ps1"

Wait until the command finishes and return stdout (screenshot file path).

Comments

Loading comments...