Security audit

Agent Desktop

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed desktop automation skill, but installing and using it grants powerful control over local apps and screen contents.

Install only if you are comfortable granting a terminal or agent broad desktop Accessibility control, and Screen Recording if screenshots are needed. Avoid using clipboard-backed typing for passwords, tokens, or other secrets; prefer direct set-value paths where supported, and use headed mouse/keyboard commands only when you intentionally want physical UI control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger text includes a broad catch-all phrase covering essentially any desktop GUI interaction task, which can cause the skill to activate in many contexts beyond narrowly intended use. Because this skill enables powerful desktop control actions such as clicking, typing, clipboard access, screenshots, and notification handling, overbroad invocation increases the chance of unsafe or unintended automation being selected for sensitive workflows.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation explicitly states that text entry may briefly use the clipboard/pasteboard for non-ASCII insertion and suggests using `set-value` for sensitive text when possible, but it does not clearly warn that clipboard contents can be exposed to other applications, clipboard managers, sync services, or user history. In a desktop automation skill with broad UI control, this increases the chance that secrets such as passwords, tokens, or personal data are unintentionally copied into a globally observable channel.

VirusTotal

62/62 vendors flagged this skill as clean.
