📦 Sshot — 全屏截图
v1.0.0基于 PowerShell 的全屏截图工具,一键捕获当前屏幕并保存为图片文件,无需安装第三方软件,适合快速记录、故障排查与报告编写。
0· 152·0 当前·0 累计
by @alenzhu72下载技能包
最后更新
2026/4/19
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill delegates work to an external PowerShell script located at C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1 and runs PowerShell with -ExecutionPolicy Bypass. That combination allows the script to do anything the account can do (read files, access network, exfiltrate data). If you do not control or trust that script, do not install or run this skill. Safer options: 1) Ask the author to include the screenshot PowerShell code directly in the skill or provide the exact contents of sshot.ps1 f...详细分析 ▾
⚠ 用途与能力
The stated purpose (take a full-screen screenshot) is plausible, but the instructions hard-code execution of C:\Users\AlenZhu\.openclaw\scripts\sshot.ps1 on a node named 'My Windows Node'. Requiring a user-specific script and node name is not proportional to the simple described capability and suggests the skill depends on an external, opaque script rather than providing a self-contained implementation.
⚠ 指令范围
The SKILL.md tells the agent to run PowerShell with -ExecutionPolicy Bypass to execute an external .ps1 file in a user's home directory and to return stdout. That grants the executed script full freedom to perform arbitrary actions (file reads, network access, credential use) and to emit arbitrary data via stdout. The instructions do not include or validate the script contents, do not fall back if the script is missing, and assume a specific node name/path that may not exist.
✓ 安装机制
This is an instruction-only skill with no install spec or bundled code, which minimizes written artifacts. However, because it delegates to a local script that is not included, the skill relies on out-of-band installation of potentially untrusted code.
⚠ 凭证需求
No environment variables or credentials are declared, but the skill expects access to a specific file under C:\Users\AlenZhu. Hard-coding another user's home path is disproportionate and opaque. The use of PowerShell -ExecutionPolicy Bypass increases risk because it disables execution restrictions that might otherwise limit harmful scripts.
✓ 持久化与权限
The skill does not request persistent 'always' inclusion or system-wide configuration changes. It only instructs a one-time command execution on a specified node. That said, runtime execution of an arbitrary PowerShell script can still have high-privilege effects on the target system depending on the node's permissions.
安全有层次,运行前请审查代码。
运行时依赖
🖥️ OSWindows
版本
latestv1.0.02026/3/17
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install sshot
镜像加速npx clawhub@latest install sshot --registry https://cn.longxiaskill.com镜像同步中