Back to skill

Security audit

Mcp Control

Security checks across malware telemetry and agentic risk

Overview

The skill appears to disclose its desktop-control purpose, but it also gives the agent unrestricted local Windows command execution that users should review carefully before installing.

Install only if you are comfortable giving the skill shell-level control of your Windows machine and browser session. Use it in a low-risk environment, avoid running it on sensitive accounts or private data unless necessary, and closely review any workflow that could be influenced by webpage or document content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
## Safety notes

- `windows run` and `windows ps` execute arbitrary commands. Treat them like a shell.
- Screenshots and click events affect the user's actual desktop.
- `windows activate` will switch the foreground window out from under the user.
- `playwright-cli` over CDP sees and acts on whatever's open in the connected
Confidence
95% confidence
Finding
execute arbitrary commands

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.