Consider an equivalent variant of a regular Schnorr signature that signs a message $m$. I'm assuming $s$ is a sufficiently high-entropy secret, and so that therefore $S$ cannot be brute forced.
The signature would be the pair $(B=bG,\ p=c\cdot s-b)$. It would be verified by checking that $B\overset{?}{=}cS-pG$, where $c = H(B \mathbin\| m)$.
You're removing the challenge $c$, so the first disadvantage is that you are no longer able to sign a message. You can only prove you know $s$.
You therefore have the pair $(B=bG,\ p=s-b)$, and the verification is $pG\overset{?}{=}S-B$.
The challenge was also part of a Fiat-Shamir heuristic that prevented $B$ from being calculated after the challenge $c$ was chosen. Therefore, there is a problem if Bob is able to declare his public key $B$ after $S$ has been announced. Bob could simply pick a random $p$ value, determine $B=S-pG$, and claim his public key is $B$. This could be solved in two ways: 1. Bob is required to declare $B$ prior to $S$ being declared. 2. Bob is required to provide a signature proving knowledge of $b$ such that $B\overset{?}{=}bG$.
Assuming Bob's public key was declared prior to $S$ being declared, you therefore do have a valid way of proving knowledge of $s$. As you've pointed out, Alice could trivially learn Bob's private key $b$. Therefore this does not meet the definition of zero knowledge, which requires "without revealing the information itself or any additional information".
Your construction is therefore similar in definition to an "adaptor signature", because "an adaptor signature scheme can authenticate messages, but simultaneously leaks a secret to certain parties". Your scheme doesn't sign messages, but it does prove knowledge of $s$ while verifiably leaking $b$ to Alice.
Note there may also be issues with your scheme where there is a second secret $s'$, and for some reason $s'-s$ becomes known.