mano-cua
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed desktop automation tool, but users should understand that cloud mode may send screenshots and can use an optional shell helper.
Install only if you are comfortable giving a tool control over your desktop during explicit tasks. Prefer local mode for private screens, disable cloud shell use with `mano-cua config --set disable-bash true` if you do not need it, and supervise any task involving purchases, credentials, deletion, or account changes.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
59/59 vendors flagged this skill as clean.