Xdotool Control

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it gives an agent broad live-desktop and browser control with limited safeguards.

Install only if you intentionally want an agent to operate your live Linux desktop. Use a disposable desktop or dedicated browser profile, close sensitive windows, verify target windows and coordinates before clicks or typing, avoid terminals/admin/payment/account pages unless supervising, and delete temporary screenshots from /tmp after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill broadly documents GUI automation that can click, type, capture screenshots, and interact with terminals, but it does not include guardrails such as confirmation steps, scope restrictions, or warnings about acting on the wrong window. In this context, misfocused input or stale coordinates can cause unintended commands, data entry, disclosure via screenshots, or approval of sensitive prompts.

Missing User Warnings

High
Confidence: 98%
Finding
The tmux example auto-sends "Yes" and Enter to a matched session, which can approve security prompts or execute sensitive actions without validating prompt contents or destination. Because the target session is selected with a loose pattern, this creates a meaningful risk of authorizing unintended or malicious operations in a privileged automation flow.

Missing User Warnings

Medium
Confidence: 90%
Finding
This script programmatically activates a Chrome window and performs mouse clicks in the browser toolbar without any interactive confirmation or dry-run safeguard. In the context of a desktop automation skill, that can cause unintended actions in the user's active browser session, including interacting with sensitive extensions or browser UI if the detected window or coordinates are wrong.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script stores screenshots of Chrome toolbar and extension UI in /tmp, which may expose browser UI contents, extension names, and other potentially sensitive visual data to other local processes or later users if the files remain. Because the capture occurs automatically and without a clear warning or cleanup, it increases the risk of inadvertent information disclosure.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script writes a screenshot of part of the desktop to a predictable path under /tmp, which can expose potentially sensitive on-screen information such as browser UI, extension icons, or other visible content. In a GUI automation skill, screenshot capture is expected, but storing it in a shared temporary location without privacy safeguards or restrictive permissions increases the chance of unintended disclosure or file clobbering.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script activates a matched window and injects arbitrary keystrokes into it without any confirmation, target validation, or restriction on the text being sent. In a desktop automation skill, this can cause unintended commands, data submission, or interaction with the wrong application if the window title is ambiguous or attacker-influenced.

VirusTotal

64/64 vendors flagged this skill as clean.
