Windows Skills

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Windows desktop automation skill, but screenshots, OCR, and image-based clicks can expose or affect whatever is on the user's screen.

Install only if you need local desktop automation. Close or hide sensitive windows before captures or OCR, prefer region/window captures over full-screen captures, choose screenshot output paths deliberately, and confirm targets before using image matches to click or change anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium severity, 91% confidence

The skill explicitly enables screenshot capture and OCR extraction but does not warn that these operations can collect secrets visible on screen, such as passwords, tokens, personal data, emails, or proprietary documents. In an agent setting, this omission increases the risk of overscoped data collection and accidental exfiltration because users may invoke the skill without understanding the privacy implications.

Missing User Warnings

Medium severity, 88% confidence

The example performs an automated click immediately after image matching without any warning or confirmation step, which can trigger unintended actions if the match is wrong or the UI changes. In desktop automation, this can cause destructive behavior such as submitting forms, approving prompts, launching software, or interacting with privileged dialogs.

Missing User Warnings

Medium severity, 87% confidence

This function captures the entire screen and writes the image directly to disk with no consent prompt, warning, or safeguards around sensitive content. In an agent skill context, screenshots can easily include credentials, personal data, internal documents, or other confidential information, so silent persistence of screen contents creates a meaningful privacy and data-exposure risk.

Missing User Warnings

Medium severity, 85% confidence

Although this function captures only a region, it still saves potentially sensitive visual data to disk without any user-facing disclosure or validation of what is being captured. Partial screenshots can still expose secrets such as chats, tokens, account details, or regulated data, especially when called programmatically by an automation agent.

Missing User Warnings

Medium severity, 91% confidence

The code enumerates visible windows and allows capture by partial title match, which can reveal both window metadata and the contents of targeted applications without warning. In a skill or agent environment, this increases the risk of collecting sensitive information from unrelated applications, and partial matching makes accidental or overly broad targeting easier.

VirusTotal

66/66 vendors flagged this skill as clean.
