Security audit

Windows应用控制器

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Windows desktop automation guide, but it gives an agent broad click, typing, screenshot, file-saving, and force-close abilities without enough consent or scoping safeguards.

Install only if you intentionally want an agent to control a Windows desktop. Use it in a VM or test account when possible, close sensitive windows first, and require explicit confirmation before screenshots, clipboard use, form submission, file creation or overwrite, app launch, or force-closing processes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The activation phrases like “控制应用 / 自动化Windows / GUI操作” are broad enough that ordinary user requests about Windows usage could unintentionally trigger a high-privilege desktop automation skill. Because this skill can launch/kill processes, type keystrokes, click UI elements, and capture screenshots, accidental invocation materially raises the risk of unintended destructive or privacy-impacting actions.

Missing User Warnings

Severity: High
Confidence: 95%
Finding:
The skill advertises capabilities to open/close apps, click through GUIs, fill forms, and take screenshots, but it does not provide prominent user-facing warnings or consent requirements for destructive operations and privacy-sensitive data capture. In the context of desktop automation, these capabilities can expose on-screen secrets, alter user data, submit forms, or terminate applications without sufficiently informed approval.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The example workflow saves a file and screenshots to disk without warning that it will create or overwrite local artifacts. Even as sample code, this normalizes state-changing behavior in a skill intended for autonomous use, increasing the chance of unintended data modification, persistence of sensitive screenshots, or cluttering user systems.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The screenshot examples include full-screen and region capture, plus saving outputs, without privacy warnings or consent checks. In a desktop-control skill, screenshots can capture credentials, personal messages, financial data, or proprietary information from any visible application, making this especially dangerous in unattended or ambiguous contexts.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.