ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

printer-control

v1.0.0

Control local and network printers on Windows to list printers, print files or text, check status, and set default printer with name matching support.

0· 137·0 current·0 all-time
by@zhangpl666ya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name, description, SKILL.md, and the included Python scripts consistently implement Windows printer management (list printers, print text/files, check status, set default). The required capabilities and code are proportionate to the stated purpose.
!
Instruction Scope
Scripts use subprocess.run to call PowerShell and Start-Process, create temporary files, and launch Notepad or other local applications. Several PowerShell script strings interpolate user-supplied printer names and file paths directly (e.g., print_file.py, set_default.py, printer_status.py). This introduces command-injection and shell-escaping risks if the printer/file name inputs are untrusted. The SKILL.md instructs users to run privileged operations in troubleshooting (Restart-Service), which may require admin rights; that’s a scope-relevant but higher-privilege action.
Install Mechanism
Instruction-only skill with optional dependency on pywin32 (pip). No external downloads or installers in the manifest; fallback uses built-in PowerShell. This is a low-risk install profile.
Credentials
The skill requests no environment variables, no credentials, and no config paths. All required accesses are local and consistent with printer management.
Persistence & Privilege
always is false and the skill does not request persistent or elevated platform privileges. It does not modify other skills or global agent configuration.
What to consider before installing
This skill appears to do what it claims (Windows printer control) but be cautious before installing or running it: - Only run these scripts on a trusted machine and with trusted inputs. The scripts interpolate printer names and file paths into PowerShell command strings without rigorous escaping; supplying untrusted or specially crafted names could lead to command injection or unexpected PowerShell behavior. - Printing operations read and send file contents and create temporary files; do not feed sensitive files to this skill unless you trust it and the environment. - Some troubleshooting steps (Restart-Service -Name Spooler) require administrative privileges — be careful granting elevated rights. - There are minor bugs/oddities (e.g., the PowerShell snippet in print_file.py attempts to change printer default via Set-Printer -Shared instead of setting Default) — review behavior before using in production. Recommendations before proceeding: 1) Inspect/run the scripts locally in a safe environment (VM) and test with non-sensitive files. 2) If you plan to integrate this into an automated agent, sanitize/validate printer and file-name inputs and avoid running with elevated privileges unless necessary. 3) Consider hardening the code by properly escaping/interpolating values when constructing PowerShell commands (or using subprocess with argument arrays and avoiding -Command with embedded strings), and by adding input validation and logging for auditability.

Like a lobster shell, security has layers — review code before you run it.

latestvk978ynw2zeyft5p601cv03wz35834cpt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments