Skill Trust Decision

sshot

The skill delegates execution to an opaque external PowerShell script that is not included in the package, creating an unauditable blind spot where undeclared behavior could occur without being detected.

Install decision first
Source: Manual upload
Scanned: Apr 5, 2026
Files 3
Artifacts 0
Violations 0
Findings 3
Most direct threat evidence
01
Skill presents as a simple screenshot utility through SKILL.md
Entry · SKILL.md

02
Skill delegates execution to opaque external script at C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1 with ExecutionPolicy Bypass, bypassing PowerShell security controls
Escalation · SKILL.md

03
External script is unauditable — could harvest credentials, exfiltrate data, or execute arbitrary commands without any record in the skill package
Impact · External: sshot.ps1

Why this conclusion was reached

1/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Pass
Hidden execution and egress

No obvious high-risk egress or execution signals were found.

Block
Attack chain and severe findings

The report includes 3 attack-chain steps and 1 severe finding.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

Attack Chain

01
Skill presents as a simple screenshot utility through SKILL.md

Entry · SKILL.md:1

02
Skill delegates execution to opaque external script at C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1 with ExecutionPolicy Bypass, bypassing PowerShell security controls

Escalation · SKILL.md:11

03
External script is unauditable — could harvest credentials, exfiltrate data, or execute arbitrary commands without any record in the skill package

Impact · External: sshot.ps1

What drove the risk score up

Undeclared opaque script delegation +20

The skill defers all logic to C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1 which is not included in the package, preventing any code audit

Hardcoded user-specific path +10

Path C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1 contains a specific username, suggesting a targeted deployment that is not portable and could be leveraged for user-specific targeting

No code artifacts to audit +10

Only SKILL.md and meta.json are present; no scripts, source code, or dependencies to verify the actual behavior described

ExecutionPolicy Bypass flag +5

PowerShell -ExecutionPolicy Bypass can disable security policies, increasing the impact if the external script is malicious

Most important evidence

High Doc Mismatch

Critical script artifact not included in package

The SKILL.md declares behavior as 'take full screen screenshot' but delegates all implementation to an external PowerShell script (C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1) that is not included in this package. There is no source code, script, or dependency file to audit the actual behavior of the skill. The skill's true behavior is entirely opaque.

SKILL.md:11
Require the sshot.ps1 script to be included in the package. Audit it for screenshot-only behavior, no network access, and no credential/sensitive file access.

Medium Sensitive Access

Hardcoded user-specific path in skill definition

The script path references a specific Windows user profile (C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1). This indicates the skill was authored for a single targeted machine rather than being portable. An attacker controlling this path or compromising the referenced location could replace the script with malicious code.

SKILL.md:11
Use a relative or configurable path for the script. Include the script in the package itself rather than referencing an external location.

Medium Doc Mismatch

ExecutionPolicy Bypass weakens PowerShell security controls

The -ExecutionPolicy Bypass flag disables PowerShell script signing and execution policy requirements. While this is sometimes legitimate for automation scripts, it is not mentioned or justified in the documentation. Combined with the unauditable external script, this increases risk.

SKILL.md:10
If -ExecutionPolicy Bypass is necessary, document why. Prefer -ExecutionPolicy RemoteSigned or include the script inline to avoid bypassing security controls.

Declared capability vs actual capability

Shell · Pass
Declared WRITE · Inferred WRITE
SKILL.md:11 - system.run on node

Filesystem · Pass
Declared NONE · Inferred UNKNOWN
External script sshot.ps1 not provided; behavior cannot be audited

Network · Pass
Declared NONE · Inferred UNKNOWN
External script sshot.ps1 not provided; network behavior cannot be audited

Suspicious artifacts and egress

No obvious IOC was extracted.

Dependencies and supply chain

There are no structured dependency warnings.

File composition

3 files · 34 lines
Markdown 2 files · 30 lines
JSON 1 file · 4 lines
Files of concern · 1
SKILL.md Markdown · 15 lines
Critical script artifact not included in package · Hardcoded user-specific path in skill definition · ExecutionPolicy Bypass weakens PowerShell security controls
Other files · SKILL.md · meta.json

Security positives

No base64-encoded payloads or obfuscated code found
No direct credential harvesting loops over environment variables
No curl|bash or wget|sh remote script fetching in visible files
No evidence of reverse shell, C2, or data exfiltration in provided files
The described behavior (taking a screenshot) is a legitimate, well-defined feature