Back to skill

Security audit

Desktop Control (Windows)

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides Windows desktop automation, but it gives an agent broad control over apps, input, screenshots, clipboard data, processes, and VS Code extensions with limited per-action safeguards.

Install only if you specifically want an agent to control your Windows desktop. Review the PowerShell scripts before renaming or running them, keep secrets off-screen and out of the clipboard before use, and require explicit confirmation for screenshots, clipboard reads, process killing, app launches, VS Code extension changes, and any typing or clicking in sensitive windows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill advertises very broad activation criteria for powerful desktop-control capabilities, including launching programs, sending input, reading clipboard contents, and capturing screen information. In an agent setting, overly broad routing language can cause the skill to be invoked for many ordinary tasks, unnecessarily expanding access to sensitive interfaces and increasing the chance of unintended data exposure or destructive actions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill documents screenshot capture and clipboard read operations without prominently warning that these actions can expose secrets, personal data, access tokens, or confidential on-screen content. Because this skill is specifically designed to inspect active windows and user clipboard state, the lack of explicit sensitivity guidance makes accidental exfiltration or privacy violations materially more likely.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script can synthesize arbitrary keyboard shortcuts and mouse actions in whatever window currently has focus, including destructive sequences like Alt+F4, Ctrl+V, Enter, or clicks on security prompts. In the context of a desktop-control skill, this materially increases risk because an LLM or downstream caller could trigger unintended data deletion, app reconfiguration, command execution through terminals, or interaction with sensitive dialogs without any confirmation or target validation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This action reads clipboard text and prints it directly to output, which can expose highly sensitive data such as passwords, API keys, tokens, personal data, or copied confidential content. In a desktop-control skill, this is especially dangerous because clipboard access is a powerful surveillance capability and the script provides no consent prompt, redaction, or scope limitation before exfiltrating the data to the caller.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script can capture a full-screen or per-window screenshot and save it to disk without any explicit warning, consent check, or restriction on target scope. Screenshots may contain emails, chats, documents, credentials, MFA prompts, or other sensitive visual data, and saving them to disk creates an additional persistence/exfiltration risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.