PowerSkills

Security checks across malware telemetry and agentic risk

Overview

PowerSkills appears to be a legitimate Windows automation skill, but it gives an agent broad control over email, browser, desktop, and PowerShell with limited safety guardrails.

Install only if you deliberately want an agent to operate your Windows desktop, Outlook account, Edge browser session, and PowerShell environment. Use it in a trusted local context, verify the underlying scripts before changing execution policy, and require confirmation before email sending, browser form submission or JavaScript, screenshots, keystrokes, environment-variable reads, or shell commands.
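The confirmation requirement above can be enforced with a gate that sits between the agent and each high-impact action class the page lists. The following is an added illustration in PowerShell, not code from PowerSkills or its author; the function names, the action list and the secret-name pattern are assumptions.

```powershell
# Added example (not part of PowerSkills): a confirmation gate for the action
# classes the overview names. Names and the ValidateSet list are illustrative.
function Invoke-GuardedAction {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('SendMail', 'BrowserSubmit', 'BrowserJavaScript',
                     'Screenshot', 'Keystrokes', 'ReadEnv', 'ShellCommand')]
        [string] $Action,

        [Parameter(Mandatory)]
        [string] $Target,       # recipient, URL, window title, variable name or command line

        [Parameter(Mandatory)]
        [scriptblock] $Body     # the automation step itself; runs only after approval
    )

    # ConfirmImpact='High' meets the default $ConfirmPreference ('High'), so
    # ShouldProcess prompts the operator with the target and action before running.
    # -WhatIf prints the would-be action and returns without executing $Body.
    if (-not $PSCmdlet.ShouldProcess($Target, $Action)) {
        Write-Warning "Declined: $Action on '$Target'"
        return
    }
    & $Body
}

# Environment reads are the one class where the *result* leaks as well as the
# act: mask values whose names look secret-bearing before they reach the agent.
function Get-EnvRedacted {
    param([Parameter(Mandatory)][string] $Name)
    $value = [Environment]::GetEnvironmentVariable($Name)
    if ($null -eq $value) { return $null }
    # Hypothetical pattern; extend to whatever naming your environment uses.
    if ($Name -match '(?i)(key|token|secret|password|pwd|credential)') {
        return ('*' * [Math]::Min($value.Length, 8))
    }
    return $value
}

# Dry run: shows "What if: Performing the operation "ShellCommand" ..." and stops.
Invoke-GuardedAction -Action ShellCommand -Target 'Get-ChildItem $HOME' -Body { Get-ChildItem $HOME } -WhatIf

# Interactive: prompts, then returns a masked value for a secret-looking name.
Invoke-GuardedAction -Action ReadEnv -Target 'API_KEY' -Body { Get-EnvRedacted -Name 'API_KEY' }
```

The gate only helps if the agent cannot reach the underlying cmdlets directly or pass `-Confirm:$false` itself, so expose `Invoke-GuardedAction` as the tool surface and keep the raw Outlook, browser and shell helpers out of the agent's reach.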

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Missing User Warnings (Medium, 86% confidence)

The README advertises high-risk capabilities such as shell command execution, browser automation, desktop screenshots, keystrokes, and Outlook access, but does not prominently warn that these actions can expose sensitive data or execute destructive operations. In an agent-facing skill, this omission increases the chance that an LLM or operator enables powerful automation without understanding the security boundaries or the need for authorization.

Missing User Warnings (Medium, 95% confidence)

The README recommends setting the PowerShell execution policy to RemoteSigned, or running the tool with -ExecutionPolicy Bypass, but gives no warning that bypassing execution-policy checks removes a layer of defense-in-depth and normalizes unsafe script-execution habits. In an AI-agent automation toolkit this is especially risky: users may paste the command verbatim and weaken host-wide protections to enable a highly privileged skill.
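An added example (not from the PowerSkills README) of the safer sequence this finding implies: inspect the current policy, verify the skill's scripts, and only then loosen the policy, and only for the current process. The install path and the pinned-hash file are assumptions.

```powershell
# Added example, not PowerSkills' own code. $SkillRoot and pinned-hashes.txt are
# hypothetical; the hash file holds lines of the form "<sha256>  <relative\path.ps1>".
$SkillRoot = 'C:\skills\PowerSkills'
$Pinned    = Join-Path $SkillRoot 'pinned-hashes.txt'

# 1. Show every scope. The effective policy is the first non-Undefined entry
#    from the top, so a machine-wide Bypass set earlier stays in force silently.
Get-ExecutionPolicy -List

# 2. Verify every script before trusting it. RemoteSigned only demands a
#    signature on files carrying the Zone.Identifier (downloaded) mark; a file
#    that was unblocked or created locally runs unsigned, so check signatures
#    and pinned hashes yourself.
$expected = @{}
if (Test-Path $Pinned) {
    Get-Content $Pinned | Where-Object { $_.Trim() } | ForEach-Object {
        $hash, $rel = $_.Trim() -split '\s+', 2
        $expected[$rel] = $hash
    }
}

$problems = @()
Get-ChildItem $SkillRoot -Recurse -Include *.ps1, *.psm1 | ForEach-Object {
    $rel        = $_.FullName.Substring($SkillRoot.Length).TrimStart('\')
    $sig        = Get-AuthenticodeSignature $_.FullName
    $hash       = (Get-FileHash $_.FullName -Algorithm SHA256).Hash
    $downloaded = $null -ne (Get-Item $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue)
    $pinnedOk   = $expected.ContainsKey($rel) -and ($expected[$rel] -ieq $hash)

    if ($sig.Status -ne 'Valid' -and -not $pinnedOk) {
        $problems += "$rel : signature=$($sig.Status), hash not pinned, downloaded=$downloaded"
    }
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Refusing to change execution policy: unverified scripts present.'
}

# 3. Loosen only this process. Process scope needs no admin rights, does not
#    touch the CurrentUser or LocalMachine scopes, and is discarded when the
#    session ends. RemoteSigned keeps the signature check that Bypass discards.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force
```

Note that `powershell.exe -ExecutionPolicy Bypass -File ...` is also process-scoped, so the difference from the last line is not persistence but that Bypass skips the signature check entirely. Microsoft documents execution policy as a safety feature rather than a security boundary, which is exactly why the script verification in step 2 has to come first.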

Missing User Warnings (Medium, 81% confidence)

The skill advertises broad Windows automation capabilities including Outlook access, browser control, desktop interaction, screenshots, keystrokes, and shell command execution, but provides no prominent warning, consent model, or safety boundaries around access to sensitive user data and system state. In an agent context, these capabilities materially increase the risk of privacy violations, credential exposure, destructive system actions, or unintended exfiltration if invoked without strict guardrails.

Missing User Warnings (Medium, 92% confidence)

The skill documentation exposes state-changing browser capabilities such as clicking elements, filling forms, executing JavaScript, navigating, and closing tabs, but does not warn that these actions can submit data, alter account settings, trigger transactions, or lose user work. In an AI-agent context, omitting these side-effect warnings increases the chance that an agent will invoke dangerous actions on live sessions or sensitive sites without explicit user confirmation.

Vague Triggers (Medium, 90% confidence)

The skill description is broad enough to match many ordinary user requests involving screenshots, window control, typing, or launching programs, which can cause an agent to invoke powerful desktop automation without clear boundaries or consent checks. In this context, the available actions include privacy-sensitive screen capture and state-changing keyboard/app operations, so over-triggering increases the chance of unintended data exposure or unsafe system interaction.

Missing User Warnings (Medium, 95% confidence)

The documentation exposes capabilities for screenshot capture, keystroke injection, window manipulation, and application launching without any warnings, approval requirements, or safety constraints. These operations can capture sensitive information from the desktop, interfere with active applications, or execute unintended programs, making misuse or accidental harm more likely in an agent-driven environment.

Vague Triggers (Medium, 90% confidence)

The description uses broad trigger language like 'Use when needing to check work email, read/send Outlook messages, search mail, or view calendar,' which overlaps with common everyday requests and can cause an agent to invoke a high-privilege Outlook automation skill too readily. Because this skill can access mailbox contents and send email on the user's behalf, overbroad invocation criteria increase the risk of unintended data access or unauthorized outbound communication.

Missing User Warnings (Medium, 97% confidence)

The skill description and action list do not prominently warn that the skill can send new email and reply as the user via the local Outlook profile. In this context the omission is dangerous because the skill operates with the user's real mailbox identity, so an agent may escalate from benign email-reading tasks to external communications without the user appreciating that the action is high-impact and identity-bearing.

Vague Triggers (Medium, 88% confidence)

The description is broad enough that an agent may select this skill for generic 'system' tasks, even when the user did not explicitly request shell execution or environment inspection. Because this skill exposes arbitrary PowerShell command execution, over-broad routing materially increases the chance of unnecessary command execution, privilege misuse, or accidental access to sensitive host data.

Missing User Warnings (Medium, 93% confidence)

The skill advertises shell execution and environment-variable access without any warning about the security implications, such as executing destructive commands, exposing secrets stored in environment variables, or operating on the local host with the agent's privileges. In an agent setting, missing safety warnings and usage constraints make unsafe invocation more likely and increase the blast radius of prompt-influenced actions.

VirusTotal

46/46 vendors flagged this skill as clean.