ClawHub

Wincontrol

Security checks across malware telemetry and agentic risk

Overview

This skill openly does remote desktop control, but it exposes powerful screen-capture and keyboard/mouse APIs on localhost without authentication.

Install only if you intentionally want a local desktop-control server. Run it on a trusted single-user machine, stop it when finished, do not expose the port beyond localhost, and be aware that any local process or browser page able to reach the service may capture the screen or send keyboard and mouse actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README advertises screenshot capture and remote mouse/keyboard control over HTTP but does not warn users about the substantial security implications, including desktop surveillance, unintended input injection, and system takeover if the service is exposed beyond localhost or misconfigured. For a tool whose core function is remote desktop control, omission of explicit safety, exposure, and consent guidance materially increases the chance of unsafe deployment.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The top-level description presents remote desktop control and screenshot capture as convenience features without an immediate, prominent warning that the skill can observe sensitive on-screen data and inject mouse/keyboard input into the host. For a capability this invasive, burying the warning later in the document is insufficient because users may enable it before understanding the privacy and system-integrity risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The /capture endpoint allows any local process that can reach the service to trigger full-screen capture and write the image to disk, with no authentication, authorization, consent flow, or user-facing notice. In the context of a remote-control skill, this exposes sensitive on-screen data such as credentials, messages, documents, and tokens, making the lack of warning and access control materially dangerous rather than merely a UX issue.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The server exposes mouse movement, clicks, dragging, scrolling, and keyboard injection over HTTP with no authentication or authorization checks. Even though it binds to localhost, any local untrusted process, malware, browser-to-localhost interaction, or pivot through another local foothold could drive the desktop, execute commands, approve prompts, exfiltrate data, or install malware; the permissive CORS policy further increases abuse potential from web content.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The manifest describes screenshot capture and mouse/keyboard remote control capabilities but provides no warning about the substantial privacy and integrity risks of those features. In this context, omission matters because the skill enables full desktop observation and input injection, which can expose sensitive information, trigger unintended actions, and materially increase the chance of unsafe deployment or user consent failures.

Vague Triggers

Low
Confidence
89% confidence
Finding
The manifest frames the skill as generic 'AI remote control for Windows desktop' without stating narrow triggers, scope limits, or guardrails. Because the capability is inherently high risk, broad invocation language can encourage overuse or unexpected activation of powerful actions such as screen capture and input control, making misuse more likely in real deployments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal