Security Decision Report

sshot

The skill delegates execution to an opaque external PowerShell script that is not included in the package, creating an unauditable blind spot where undeclared behavior could occur without being detected.

Install decision first · Source: manual upload · Scan time: 2026/4/5
Files 3
IOCs 0
Privilege-overreach items 0
Findings 3
Most direct threat evidence
01
Skill presents as a simple screenshot utility through SKILL.md Initial entry · SKILL.md
02
Skill delegates execution to opaque external script at C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1 with ExecutionPolicy Bypass, bypassing PowerShell security controls Privilege escalation · SKILL.md
03
External script is unauditable — could harvest credentials, exfiltrate data, or execute arbitrary commands without any record in the skill package Final impact · External: sshot.ps1

Why this conclusion was reached

1 of 4 dimensions triggered
Pass
Declared vs. actual capabilities

Declared resources and inferred capabilities are broadly consistent.

Pass
Hidden execution and outbound connections

No obvious high-risk outbound-connection or execution signals at present.

Block
Attack chain and high-risk findings

The report contains a 3-step attack chain, plus 1 high or critical finding.

Review
Dependencies and supply-chain hygiene

No complete dependency information is available; the supply-chain judgment must remain tentative.

Attack chain

01
Skill presents as a simple screenshot utility through SKILL.md

Initial entry · SKILL.md:1

02
Skill delegates execution to opaque external script at C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1 with ExecutionPolicy Bypass, bypassing PowerShell security controls

Privilege escalation · SKILL.md:11

03
External script is unauditable — could harvest credentials, exfiltrate data, or execute arbitrary commands without any record in the skill package

Final impact · External: sshot.ps1

How the risk score was driven up

Undeclared opaque script delegation +20

The skill defers all logic to C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1 which is not included in the package, preventing any code audit

Hardcoded user-specific path +10

Path C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1 contains a specific username, suggesting a targeted deployment that is not portable and could be leveraged for user-specific targeting

No code artifacts to audit +10

Only SKILL.md and meta.json are present; no scripts, source code, or dependencies to verify the actual behavior described

ExecutionPolicy Bypass flag +5

PowerShell -ExecutionPolicy Bypass can disable security policies, increasing the impact if the external script is malicious

Key evidence

High · Documentation deception

Critical script artifact not included in package

The SKILL.md declares behavior as 'take full screen screenshot' but delegates all implementation to an external PowerShell script (C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1) that is not included in this package. There is no source code, script, or dependency file to audit the actual behavior of the skill. The skill's true behavior is entirely opaque.

SKILL.md:11
Require the sshot.ps1 script to be included in the package. Audit it for screenshot-only behavior, no network access, and no credential/sensitive file access.

Medium · Sensitive access

Hardcoded user-specific path in skill definition

The script path references a specific Windows user profile (C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1). This indicates the skill was authored for a single targeted machine rather than being portable. An attacker controlling this path or compromising the referenced location could replace the script with malicious code.

SKILL.md:11
Use a relative or configurable path for the script. Include the script in the package itself rather than referencing an external location.

Medium · Documentation deception

ExecutionPolicy Bypass weakens PowerShell security controls

The -ExecutionPolicy Bypass flag disables PowerShell script signing and execution policy requirements. While this is sometimes legitimate for automation scripts, it is not mentioned or justified in the documentation. Combined with the unauditable external script, this increases risk.

SKILL.md:10
If -ExecutionPolicy Bypass is necessary, document why. Prefer -ExecutionPolicy RemoteSigned or include the script inline to avoid bypassing security controls.

Declared vs. actual capabilities

Command execution · Pass
Declared: WRITE
Inferred: WRITE
SKILL.md:11 - system.run on node
File system · Pass
Declared: NONE
Inferred: UNKNOWN
External script sshot.ps1 not provided; behavior cannot be audited
Network access · Pass
Declared: NONE
Inferred: UNKNOWN
External script sshot.ps1 not provided; network behavior cannot be audited

Suspicious artifacts and outbound connections

No obvious IOCs were extracted.

Dependencies and supply chain

No structured dependency alerts.

File composition

3 files · 34 lines
Markdown 2 files · 30 lines
JSON 1 file · 4 lines
Files needing attention · 1
SKILL.md · Markdown · 15 lines
Critical script artifact not included in package · Hardcoded user-specific path in skill definition · ExecutionPolicy Bypass weakens PowerShell security controls
Other files · SKILL.md · meta.json

Security highlights

No base64-encoded payloads or obfuscated code found
No direct credential harvesting loops over environment variables
No curl|bash or wget|sh remote script fetching in visible files
No evidence of reverse shell, C2, or data exfiltration in provided files
The described behavior (taking a screenshot) is a legitimate, well-defined feature