Windows Automation

Security checks across malware telemetry and agentic risk

Overview

This skill provides the Windows desktop control it advertises, but it also gives an agent unrestricted PowerShell command execution, clipboard access, screenshot capture, and a disabled mouse failsafe, with no meaningful guardrails around any of them.

Install only if you intentionally want an agent to control your Windows desktop and run local commands as your user. Treat it like remote-control access: keep sensitive windows and clipboard contents clear, require explicit approval before screenshots, clipboard reads, app launches, or shell commands, and avoid using it for financial, administrative, credential, or destructive workflows without separate safeguards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess

def windows_command(command: str) -> str:
    """Run a PowerShell or cmd command."""
    # The command string is handed to PowerShell unchanged: no validation, allow-list, or approval step.
    result = subprocess.run(
        ["powershell", "-Command", command],
        capture_output=True,
        text=True,
    )
    # The scanned excerpt ends at the call above; returning stdout is assumed from the -> str signature.
    return result.stdout
Confidence
99% confidence
Finding
result = subprocess.run(["powershell", "-Command", command], capture_output=True, text=True)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill is presented as desktop automation, but it also exposes unrestricted PowerShell/cmd execution, which materially expands its privilege and attack surface beyond user-expected UI automation. This mismatch makes the capability more dangerous because users or upstream agents may trust it for benign automation while it can directly execute system commands.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README advertises powerful capabilities including command execution, clipboard access, and screenshots without any warning about privacy, consent, or system-impact risks. In an automation skill, these features are contextually plausible, but documenting them without safeguards or user-facing risk guidance can normalize unsafe use and increase the chance of misuse or accidental data exposure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly exposes screenshot capture and clipboard read/write capabilities but does not warn that these actions can collect passwords, tokens, personal data, or confidential application content. In a desktop automation context, these features are especially sensitive because they can access whatever is currently visible or copied system-wide, making accidental or unauthorized data exposure plausible.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents launching arbitrary applications and executing PowerShell/cmd commands without strong warnings, constraints, or approval requirements. In a Windows automation skill, this materially increases risk because commands and launched programs can modify the system, access files, run scripts, or chain into destructive actions far beyond simple UI automation.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill enables arbitrary PowerShell execution without any user-facing warning, confirmation, or policy check. That makes destructive or stealthy system actions possible with no friction, which is especially risky in agent-driven environments where commands may be generated indirectly from untrusted prompts or data.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The screenshot function captures the current screen and writes the image to disk without any warning about sensitive on-screen content or file creation. In practice, screenshots may include secrets, personal data, or internal documents, and saving them to disk increases persistence and the chance of later disclosure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Clipboard read and write functions access a common store that frequently contains passwords, tokens, personal data, or confidential business information. Performing these actions without warning or consent can expose sensitive data or overwrite user clipboard contents in unexpected ways.

Missing User Warnings

High
Confidence
98% confidence
Finding
Disabling PyAutoGUI's failsafe removes an important emergency stop mechanism while the skill can perform arbitrary mouse and keyboard actions. In an agent setting, this increases the risk of uncontrolled UI manipulation, accidental destructive actions, or interference that the user cannot quickly interrupt.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The description 'Windows desktop automation using PyAutoGUI' is overly broad and does not define clear activation boundaries, permitted tasks, or safety constraints. Because PyAutoGUI can drive arbitrary clicks and keystrokes on a user's desktop, a vague description increases the risk that the skill could be invoked in sensitive contexts such as credential entry, security dialogs, or destructive system actions.

VirusTotal

66/66 vendors flagged this skill as clean.
