Doorstep Screen Control - 屏幕操控

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides desktop viewing and control, with no evidence of hidden exfiltration or deceptive behavior, but it is powerful and should only be used under supervision.

Install only if you intentionally want an agent to see and operate your desktop. Keep sensitive windows closed, supervise actions involving accounts, payments, posting, deletion, or configuration changes, and avoid persistent administrator service mode unless you truly need ongoing node access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill describes shell/Python-driven screen automation and interaction with OpenClaw Node, but it does not declare the permissions implied by those capabilities. Undeclared shell and environment access is dangerous because this skill can capture screen contents, inject keyboard input, and potentially expose secrets or execute unintended host actions without explicit review or least-privilege gating.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 84%
Finding: The documented purpose is screen control, but the skill also appears to handle OpenClaw Node status checks, pairing-request inspection, node listing, and pairing assistance. This behavior expansion matters because node discovery/pairing can broaden trust boundaries and enable remote-control pathways beyond what a user would reasonably expect from a local screen-automation skill.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding: The guide explicitly states that after pairing, the agent can use 'exec' to run local scripts for file operations and opening applications, which materially expands capability beyond screen observation and input automation. In a remote-control skill, arbitrary local execution can enable full host compromise, destructive file actions, or execution of attacker-supplied commands if the agent or upstream instructions are abused.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding: Documenting arbitrary local script execution in a screen-control skill introduces a general-purpose code execution path that is not justified by the stated visual desktop-control purpose. Because the skill already has remote interaction semantics, adding local execution makes misuse much more dangerous by bypassing UI-only constraints and allowing direct system changes.

Missing User Warnings

Medium
Confidence: 89%
Finding: The documentation describes screenshot capture, mouse/keyboard control, and local script execution without a prominent warning about privacy, credential exposure, destructive actions, or host-impact risks. In this context, inadequate risk disclosure increases the chance that operators enable or pair the node without understanding that the agent can observe sensitive screen contents and materially alter the local system.

Missing User Warnings

Medium
Confidence: 92%
Finding: The script can capture the full screen and save screenshots to disk with no consent prompt, disclosure, access control, or audit trail. In a remote-control skill, screenshots may expose credentials, personal data, or confidential business information, so silent capture materially increases privacy and data-exfiltration risk.

Missing User Warnings

Medium
Confidence: 95%
Finding: The script exposes direct mouse and keyboard automation primitives that can click, type, press hotkeys, drag, and scroll without confirmation or policy checks. In the context of a remote desktop-control skill, this enables potentially destructive or unauthorized actions such as confirming dialogs, changing settings, launching programs, or entering sensitive commands if invoked by an untrusted or mistaken agent.

VirusTotal

66/66 vendors flagged this skill as clean.
