ClawHub

Handsfree Windows Control

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about powerful Windows and browser automation, but it installs mutable external code and reuses persistent browser sessions, so users should review it carefully before installing.

Install only if you are comfortable with an agent controlling local Windows apps and websites. Review or pin the external handsfree-windows repository before setup, prefer test accounts or dedicated browser profiles, delete ~/.handsfree-windows/browser-profiles when done with sensitive work, and require explicit confirmation before any send, delete, purchase, posting, account, or business-data action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run(cmd: list[str], cwd: Path | None = None, desc: str = "") -> int:
    print(f"\n>>> {desc or ' '.join(cmd)}")
    result = subprocess.run(cmd, cwd=str(cwd) if cwd else None)
    if result.returncode != 0:
        print(f"[ERROR] Command failed (exit {result.returncode}): {' '.join(cmd)}")
    return result.returncode
Confidence
95% confidence
Finding
result = subprocess.run(cmd, cwd=str(cwd) if cwd else None)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The invocation description is broad enough to match generic automation or testing requests, which could cause the skill to be selected in contexts where shell-based setup and powerful desktop/browser control were not expected. Because this skill can launch apps, inspect UI, interact with websites, and replay macros, overbroad routing raises the risk of unnecessary privilege use and accidental execution of sensitive actions. The context makes this more concerning because the skill bridges both desktop and browser automation on Windows.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Although the skill mentions on-disk browser profile paths and notes they contain cookies and login sessions, the description/invocation guidance does not prominently warn users before browser automation begins that authentication state persists across sessions. This can lead to unintentional reuse or exposure of logged-in sessions, especially on shared machines or when multiple tasks use the same persistent profile. In a browser automation skill, persistent auth state materially changes the security posture.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal