WSL Windows Bridge

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides WSL agents with Windows command and file access, but that broad host-level authority is not well bounded or clearly controlled.

Install only if you intentionally want agents in WSL to run Windows commands and modify Windows-accessible files. Review setup.sh first, note that the advertised win-* wrappers are missing from this reviewed package, and require explicit approval before using it for destructive file changes, Windows process control, trading tools, or account-related directories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 90%
Finding
The README explicitly advertises that the skill enables cross-system command execution and Windows file read/write from WSL, but it provides no warning, scope limitation, or safety guidance. In an agent skill context, this materially expands the agent's authority across trust boundaries, making accidental or malicious command execution on the Windows host more dangerous than a normal utility wrapper.

Missing User Warnings

Medium
Confidence: 90%
Finding
The setup instructions state that installation will copy executables into ~/.openclaw/bin and generate or require manual editing of ~/.openclaw/env.windows.sh, but they do not prominently warn that running setup modifies files in the user's home directory. Silent or under-disclosed home-directory modification is risky because it can alter future agent behavior and persist executable wrappers without clear user consent.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill advertises direct execution of PowerShell and CMD commands and Windows Python from WSL without an explicit warning that these interfaces can execute arbitrary system commands on the Windows host. In this context, the bridge increases risk because it crosses an OS boundary, exposing the host filesystem and native Windows tooling to any downstream prompt, script, or untrusted parameter passed through the wrappers.

VirusTotal

VirusTotal findings are pending for this skill version.