Back to plugin

Security audit

CleanShot Tool

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed CleanShot control plugin that can capture, record, OCR, and optionally upload screen content when invoked, but I found no hidden persistence, credential access, arbitrary shell execution, or unrelated data exfiltration.

Install only if you want OpenClaw agents to be able to control CleanShot X. Avoid invoking capture, OCR, recording, or upload tools while secrets, private messages, regulated data, or sensitive documents are visible. Be especially careful with the upload action if CleanShot Cloud is enabled, and do not use the unsafe-install bypass unless you have reviewed the source and understand why OpenClaw flagged child_process.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.