ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Windows Automation

v1.0.0

Automate Windows desktop by simulating mouse/keyboard input, managing clipboard, capturing screenshots, running commands, and launching apps.

0· 601·2 current·2 all-time
by@hjx378
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, SKILL.md and the __init__.py implementation align: the skill uses pyautogui/pywin32/pyperclip to control mouse/keyboard, clipboard, screenshots, app launch and run commands. Minor inconsistency: registry metadata lists no OS restriction, but the code and docs are Windows-specific (uses PowerShell, 'start' via cmd). The lack of an explicit Windows-only restriction is an oversight.
!
Instruction Scope
SKILL.md and __init__.py instruct/implement arbitrary command execution via windows_command (subprocess.run calling 'powershell -Command <user command>') which is expected for a 'run commands' feature but is high-risk because it can execute any shell command. The SKILL.md and code also disable pyautogui.FAILSAFE (noted in docs and set in code), which removes a common user abort mechanism and increases the risk of runaway automation; this is a safety concern even if coherent with the skill's goal.
Install Mechanism
There is no install spec (instruction-only), and the SKILL.md suggests installing pyautogui, pywin32, pyperclip via pip. This is a low-risk, common approach. Note: the package requirements are only mentioned in docs, not declared in registry metadata.
Credentials
The skill does not request environment variables, credentials, or config paths. The capabilities implemented (mouse/keyboard, clipboard, screenshots, launching apps, running commands) do not require secrets, so the absence of requested credentials is proportionate.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide configs. Model invocation is enabled (platform default) which is expected. No elevated persistence privileges are requested.
What to consider before installing
This skill implements legitimate Windows automation functions, but take these precautions before enabling it: 1) Only install on a Windows machine — the skill uses PowerShell and Windows 'start' and may misbehave on other OSes. 2) Be cautious about using windows_command: it executes arbitrary PowerShell commands, so avoid passing untrusted input. 3) Note that pyautogui.FAILSAFE is disabled in the code; you will not have the usual mouse-corner abort. If you plan to run complex automation, consider modifying the code to keep FAILSAFE enabled or add a safe abort mechanism. Finally, verify the package source for pyautogui/pywin32/pyperclip and review any code changes before use.

Like a lobster shell, security has layers — review code before you run it.

automationvk978d4benkbpq8qqxx9bebwt1182ccw2latestvk978d4benkbpq8qqxx9bebwt1182ccw2windowsvk978d4benkbpq8qqxx9bebwt1182ccw2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments