Midscene Automations Skills for Computer

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides powerful desktop automation, so it is not risk-free, but the reviewed artifact is coherent with that purpose and shows no hidden, deceptive, or malicious behavior.

Install only if you intentionally want an agent to operate your actual desktop. Use a dedicated model API key when possible, close or hide sensitive windows first, give narrow task instructions, and review or delete generated screenshots and reports after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list includes generic phrases like "press key," "desktop," "computer," and "type text," which are likely to match ordinary user requests that were not intended to invoke a high-risk skill. Because this skill can take over the real mouse and keyboard and interact with arbitrary visible applications, over-broad activation materially increases the chance of accidental execution and unintended actions on the host system.

Ssd 3

Medium
Confidence: 95%
Finding
The instruction to proactively summarize "key data found" after desktop automation encourages the agent to collect and restate potentially sensitive information visible on screen, such as messages, documents, credentials, personal data, or proprietary business content. In a desktop-control context, screenshots and observations may include far more data than necessary for task completion, so mandatory broad reporting increases the risk of privacy and data leakage.

Ssd 3

Medium
Confidence: 96%
Finding
The workflow explicitly instructs the agent to present "key findings and data extracted during the task," which normalizes broad disclosure of whatever the automation observed on the user's desktop. Since desktop automation operates on real applications and full-screen screenshots, this can expose unrelated but sensitive information from notifications, adjacent windows, emails, chats, or files that happened to be visible during execution.

Ssd 3

Medium
Confidence: 96%
Finding
The best-practice guidance says the agent must proactively present extracted or observed data, screenshots, and generated files, which can systematically leak sensitive desktop contents into the response or file paths into downstream logs. In this skill's context, screenshots may capture entire applications or the user's broader workspace, making proactive disclosure especially risky.

VirusTotal

64/64 vendors flagged this skill as clean.
