Desktop Control (Windows)
Security checks across malware telemetry and agentic risk
Overview
The skill openly provides broad Windows desktop control, but it asks users to rename and run PowerShell scripts with policy bypass and can force-install VSCode extensions, so it needs careful review before use.
Install only if you specifically need an agent to control your Windows desktop and you trust the publisher. Review the PowerShell scripts before renaming or running them, require explicit approval for process killing and VSCode extension changes, and avoid using clipboard or screenshot features while sensitive information is visible.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may end up running powerful local scripts that were not represented as normal executable code in the install metadata.
The skill distributes PowerShell scripts as text files, instructs users to convert them into executable scripts, and then runs them with policy bypass. That is under-declared for an instruction-only skill and weakens normal install/provenance expectations.
This Publish package includes scripts as `.ps1.txt` because Publish only accepts text files. After download, rename each `*.ps1.txt` to `*.ps1` ... powershell -ExecutionPolicy Bypass -File
Only use after reviewing the scripts. The publisher should provide a proper install spec, declare the Windows/PowerShell requirements, and avoid relying on manual renaming plus ExecutionPolicy Bypass.
The agent could make lasting changes to VSCode, including installing third-party extensions, without a clearly enforced approval step in the script.
The script can force-install an arbitrary VSCode extension ID, and also includes uninstall support. Extensions persist beyond the task and may run code inside the user's development environment.
& $codeCLI --install-extension $ExtensionId --force
Require explicit user confirmation before installing or uninstalling extensions, avoid `--force` by default, and show the exact extension ID and source before proceeding.
If invoked at the wrong time or on the wrong window, the skill could affect unrelated applications or unsaved work.
Broad desktop automation is the stated purpose, but it gives the agent the ability to type, click, launch programs, close windows, and manage processes across the user's desktop.
Control any desktop application on this Windows machine. Launch programs, manage windows, simulate input, control VSCode, and monitor processes
Use only for clear desktop-control tasks, keep confirmation enabled for destructive actions, and verify the target window before allowing typing, shortcuts, clicks, or process changes.
Private clipboard contents or visible screen data could be exposed to the agent during normal use.
The script can read clipboard text and print it into the agent's context. The same file also supports screenshots, which may capture sensitive on-screen information.
"clipboard-get" { $clip = [System.Windows.Forms.Clipboard]::GetText() ... Write-Output $clip }
Do not invoke clipboard or screenshot actions when secrets, passwords, tokens, private messages, or sensitive documents may be visible.
