Peekaboox

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate X11 desktop automation tool, but it gives an agent broad screenshot, window-inspection, and keystroke-control powers without clear runtime guardrails.

Install only if you intentionally want an agent to control your local X11 desktop. Use it in a trusted, non-sensitive session, verify the target window before typing or clicking, avoid password managers, banking, admin prompts, and private chats, and treat saved screenshots/window titles as potentially sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Missing User Warnings

Medium, 92% confidence

Finding
The README advertises full desktop automation capabilities including screenshot capture, input injection, and window control, but does not warn that these actions can alter user state, exfiltrate on-screen data, or interfere with active sessions. In an agent skill context, that omission is security-relevant because it normalizes powerful operations without setting expectations, constraints, or operator safeguards.

Missing User Warnings

Medium, 89% confidence

Finding
The examples show keystroke injection and other GUI-driving actions as routine usage without warning that hotkeys and window operations can trigger destructive behavior such as closing applications, discarding unsaved work, sending unintended input, or interacting with privileged dialogs. In a desktop automation skill, concise examples strongly shape usage, so missing cautions materially increase misuse risk.

Vague Triggers

Medium, 91% confidence

Finding
The skill description is extremely broad ('any task requiring interaction with graphical applications' and 'remote desktop control'), which can cause the agent to invoke this skill for many unrelated requests that merely mention desktop apps. Because the skill enables high-impact actions like clicking, typing, window management, and screenshot capture, overbroad routing increases the chance of unintended GUI manipulation or data exposure.

Missing User Warnings

Medium, 95% confidence

Finding
The documentation instructs screenshot capture, visual inspection, clicking, typing, and window control without any safety warnings about collecting sensitive on-screen data or triggering destructive actions. In a desktop automation skill, these capabilities can expose passwords, messages, tokens, and personal files, or cause unintended actions such as closing windows, submitting forms, or executing commands.

Missing User Warnings

Medium, 92% confidence

Finding
This script captures the full screen or a named window and writes the resulting image to disk without any built-in privacy warning, confirmation step, or restriction on sensitive targets. In the context of a Linux desktop automation skill, screenshots can expose credentials, personal data, internal documents, tokens, chat contents, or other secrets visible on screen, making this a real privacy and data-exposure risk if invoked inappropriately or by an untrusted workflow.

Missing User Warnings

Medium, 93% confidence

Finding
In active-window mode, the script returns the focused window's title, class, and geometry as JSON without any user notice, consent gate, or minimization. Window titles and classes frequently reveal sensitive context such as document names, websites, chats, or internal application usage, which can be harvested by an agent and used for profiling or targeting. In a desktop-control skill, this is especially sensitive because it gives the agent situational awareness over the user's GUI state.

Missing User Warnings

Medium, 95% confidence

Finding
The script enumerates all open windows and collects names, classes, desktops, and geometry for each via wmctrl/xprop, again without any warning or approval mechanism. This exposes broad desktop metadata that can reveal active tasks, confidential document titles, communications apps, and organizational tooling, enabling surveillance or downstream abuse by an automated agent. Given the skill's purpose is Linux desktop automation, this capability is functional but also materially increases privacy and reconnaissance risk.

Missing User Warnings

Medium, 92% confidence

Finding
This script can inject arbitrary keystrokes into whichever X11 window is focused, or into a searched window by name, causing unintended state changes such as sending messages, executing commands in a terminal, or interacting with privileged dialogs. In the context of a desktop automation skill, this capability is expected, but it is still dangerous because there is no confirmation, allowlist, or target validation to prevent typing into the wrong application or a sensitive prompt.

VirusTotal

64/64 vendors flagged this skill as clean.
