ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

wsl-screenshot

v0.0.1

Capture screenshots from WSL by calling Windows PowerShell. Use when user wants to take a screenshot from WSL environment, or needs screenshot functionality...

0· 68·0 current·0 all-time
by@wxuanyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (capture screenshots from WSL via PowerShell) matches what the script does, but the registry metadata lists no required binaries while the SKILL.md and script require PowerShell at an exact Windows path (/mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe). The script also hard-codes a Windows user path (C:\Users\97027\Pictures), which is unusual for a general-purpose skill.
!
Instruction Scope
The runtime instructions and script capture the entire primary screen via PowerShell and write images into a specific user's Pictures folder, then show examples that enumerate that folder and send the latest file via a 'message' tool. This is narrow in function but directly accesses and transmits potentially sensitive user data (screenshots) and uses a hard-coded username and path. The README does not clarify what the 'message' tool is or whether transmission is local or external.
Install Mechanism
There is no install spec (instruction-only) and the script is bundled as a plain shell file. No external downloads or package installs are performed by the skill itself.
Credentials
The skill requests no credentials or environment variables, which is appropriate. However it assumes filesystem access to /mnt/c/Users/97027 and the presence of PowerShell at a specific path; the hard-coded username/path reduces portability and may indicate the skill was created for a single machine.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not attempt to modify other skills or system configuration. It only provides a script to run on demand.
What to consider before installing
Before installing or running this skill: 1) Review the script yourself — it captures the full primary screen and saves images to C:\Users\97027\Pictures (examine for any unwanted behavior). 2) Confirm the PowerShell path exists on your machine; the metadata did not declare this dependency. 3) Edit the script to remove the hard-coded username/path (use an environment variable or $USER-derived path) if you want portability. 4) Understand the 'message' command used in the README — verify whether it sends files externally and which recipients/services are involved. 5) Only run this on a machine and account you trust, because screenshots can contain sensitive secrets; consider limiting where screenshots are stored or testing in a safe environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fahpapemc6qbp61jhc2rfpd83xs69

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments