Agent Desktop

Security checks across malware telemetry and agentic risk

Overview

This is a powerful desktop-control skill, but its capabilities are disclosed and fit its stated purpose.

Install only if you intentionally want an agent to inspect and control desktop applications. Verify the global agent-desktop CLI package before installing, grant Accessibility and Screen Recording only to launchers you trust, and treat screenshots, clipboard reads/writes, notification actions, force-closing apps, and keyboard/mouse commands as sensitive actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill advertises an overly broad catch-all trigger for essentially any desktop GUI interaction task, which can cause this powerful desktop-control capability to be invoked in situations beyond the user's explicit intent. Because the tool can observe UI state, type, click, manipulate windows, access notifications, screenshots, and clipboard contents, overbroad routing increases the chance of unintended privacy-invasive or system-impacting actions.

Missing User Warnings

Medium
Confidence: 94%
Finding
The description presents extensive desktop-control features without warning that the skill can read on-screen content, capture screenshots, inspect notifications, and read or modify the clipboard. In the context of a desktop automation skill with broad system visibility and control, missing privacy and safety warnings can lead to uninformed use and increase the risk of sensitive data exposure or unintended disruptive actions.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation states that explicit focus/physical policy may use the clipboard briefly for non-ASCII text insertion, but it does not clearly warn users that clipboard contents can expose sensitive data to other apps, clipboard history tools, sync services, or the user session itself. In a desktop-automation skill with clipboard and typing capabilities, this omission increases the chance that operators or downstream agents will inadvertently send secrets through a shared OS channel.

Missing User Warnings

Low
Confidence: 89%
Finding
The workflow explicitly demonstrates copying UI text into the system clipboard and reading it back, but it provides no warning that clipboard contents may contain secrets and are often accessible to other apps, clipboard managers, logs, or later automation steps. In a desktop automation skill, this is more dangerous than in generic documentation because the tool is designed to interact with arbitrary applications and could expose credentials, tokens, personal data, or confidential business content during routine use.

VirusTotal

65/65 vendors flagged this skill as clean.