Windows
v1.0.0Windows-specific patterns, security practices, and operational traps that cause silent failures.
⭐ 2· 1.7k·4 current·4 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Windows operational/security guidance) matches the SKILL.md content: PowerShell tips, credential handling, logging, remoting, permissions. It does not request unrelated credentials, binaries, or services.
Instruction Scope
Instructions are limited to Windows admin/operator practices and include examples (cmdkey, Export-Clixml, Set-AuthenticodeSignature, etc.). Several examples require elevated rights (creating event sources, signing cert access, symlink privileges) — this is expected, but users should not run examples verbatim on production systems without review. The guidance references local env vars ($env:TEMP, $env:USERPROFILE) and credential stores appropriately; it does not instruct exfiltration or contacting external endpoints.
Install Mechanism
No install spec and no code files — lowest-risk instruction-only skill; nothing is downloaded or written by an installer.
Credentials
The skill declares no required environment variables, credentials, or config paths. Examples show use of Windows Credential Manager and Export-Clixml (normal for credential handling); these are proportional to the documented purpose.
Persistence & Privilege
always is false and the skill is user-invocable. The skill does not request persistent presence or to modify other skills or system-wide agent settings.
Assessment
This skill appears coherent and focused on Windows operational guidance. Before using snippets: (1) review and understand any command that requires admin rights (creating event sources, signing scripts, changing TrustedHosts); (2) avoid running copied scripts verbatim on production systems — test in a VM or sandbox; (3) credential helpers shown (cmdkey, Export-Clixml) are appropriate but have limitations — Export-Clixml is protected to the current user/machine and cmdkey entries may be accessible to other processes with sufficient privileges; (4) creating exclusions for AV or changing Group Policy should be done per organizational policies; (5) although the skill can be invoked autonomously by agents (default), it has no install-time or credential requirements — treat it as documentation rather than executable code. If you want higher assurance, ask the author for provenance or a homepage/source repository before trusting operational guidance in sensitive environments.Like a lobster shell, security has layers — review code before you run it.
latestvk97ak4906dgfqgx9zhja3vxdrs80xz81
License
MIT-0
Free to use, modify, and redistribute. No attribution required.