Orgo Desktop Control

Security checks across malware telemetry and agentic risk

Overview

This is a powerful but openly documented Orgo cloud-desktop control skill, with no evidence of hidden execution, deception, or exfiltration beyond its stated purpose.

Install only if you need Orgo cloud-desktop automation and trust the publisher with an Orgo API key. Use a limited, rotatable key; do not print or share VNC passwords, signed download URLs, screenshots, or real login credentials; confirm uploads, downloads, streaming, remote commands, and deletes before letting an agent perform them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill clearly enables network-backed remote desktop provisioning and control, but the metadata does not declare permissions or explicitly warn about those capabilities. This creates a trust and governance gap: callers may invoke a skill with significant external access without an accurate capability declaration, increasing the risk of unintended remote actions or policy bypass.

Missing User Warnings

Medium
Confidence: 91%
Finding: The skill requires ORGO_API_KEY and demonstrates loading it from the environment, but it provides no guidance on secret handling, redaction, storage, or prohibition on exposing the key in logs and outputs. In a remote-control skill, compromise of this credential could let an attacker provision and control cloud desktops, access files, and incur costs.

Missing User Warnings

Medium
Confidence: 88%
Finding: The documented computer deletion operation is irreversible and shown directly as executable example code without an immediate warning or explicit confirmation requirement at the point of use. In an automation context, this increases the chance of accidental destruction of user environments, loss of remote state, and disruption of running work.

Missing User Warnings

Medium
Confidence: 86%
Finding: The file deletion API is documented without any warning about permanence, target validation, or confirmation requirements. Because the skill manages remote files, an agent could delete important data programmatically and silently, especially if file identifiers are derived from prior automation steps or user-ambiguous requests.

Missing User Warnings

Medium
Confidence: 88%
Finding: The example login flow hardcodes and types plaintext credentials directly into a remote desktop session without any warning about secret handling, redaction, or safer credential injection. In this skill's context, screenshots, logs, prompts, or exported artifacts could expose those credentials, making the pattern risky even though it is presented as documentation rather than an attack primitive.

VirusTotal

66/66 vendors flagged this skill as clean.
