ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WSL-PowerShell Controller

v1.0.1

Control Windows PowerShell from WSL by executing commands and scripts on the Windows host using mounted Windows executables.

0· 281·1 current·1 all-time
by@tyzzt
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included materials: SKILL.md, README, and psctl.sh all describe invoking Windows PowerShell from WSL and path conversion. No unrelated credentials, binaries, or configuration paths are requested.
Instruction Scope
Runtime instructions and the script only describe/perform locating a pwsh/powershell executable under /mnt and running commands or script files. They reference only expected files (scripts under /mnt or local skill scripts) and utilities (wslpath). No instructions ask the agent to read unrelated host files, environment secrets, or send data to external endpoints.
Install Mechanism
There is no install spec (instruction-only approach) and the provided install instructions in README are standard git/wget steps pointing to a GitHub repo. No downloads from obscure hosts or extracted archives in the install metadata.
Credentials
Registry lists no required env vars (correct). The script optionally respects DEBUG, VERBOSE and a PWSH_PATH override, which are normal optional controls; these are not required credentials. Note: PWSH_PATH is supported by the script but not listed as a required env var — this is benign (an optional override) but worth knowing.
Persistence & Privilege
Skill is not force-included (always: false) and does not request persistent system-wide changes. It does allow executing commands on the Windows host (the intended capability) — this is expected for the skill but is a functional capability, not an unexplained privilege escalation.
Assessment
This skill is coherent and implements exactly what it claims: a helper to run Windows PowerShell from WSL. Before installing, confirm you actually run under WSL and trust the Windows host, because the skill (and automated agents using it) can execute arbitrary PowerShell commands on your Windows system. Review psctl.sh if you have strict security needs, avoid running it with elevated privileges unless necessary, and don't grant autonomous agents permission to run skills that execute host commands unless you trust the agent and its prompts.

Like a lobster shell, security has layers — review code before you run it.

automationvk9789a4pbnv8zcbrvghd48yrjd82r3s4latestvk9789a4pbnv8zcbrvghd48yrjd82r3s4powershellvk9789a4pbnv8zcbrvghd48yrjd82r3s4windowsvk9789a4pbnv8zcbrvghd48yrjd82r3s4wslvk9789a4pbnv8zcbrvghd48yrjd82r3s4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments