Desktop Automation

Security checks across malware telemetry and agentic risk

Overview

This skill openly enables desktop automation, but it gives an agent broad live-screen control and optional always-on service setup without enough user-control boundaries.

Install only if you intentionally want an agent to see and control your desktop. Prefer starting the CUA server manually only while needed, keep it bound to localhost, use authentication for any network exposure, close sensitive windows before use, and avoid always-on service mode unless you understand how to disable it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents highly capable desktop-control actions such as clicking, typing, launching apps, opening files/URLs, and submitting forms against the user's live session, but it does not prominently warn that these actions can irreversibly alter data, trigger transactions, or operate on whatever window currently has focus. In this context, the omission materially increases the chance of unsafe use because users may treat the examples as routine automation rather than full live-session control.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The screenshot examples instruct users to capture and decode images of the current desktop without warning that screenshots may contain secrets, personal data, messages, documents, or security prompts. Because this skill is specifically for live desktop control, screenshots are especially sensitive and can expose a broad range of on-screen information.

Session Persistence

Medium
Category
Rogue Agent
Content
# Enable and start the service
sudo systemctl daemon-reload
sudo systemctl enable cua-server
sudo systemctl start cua-server

# Check status
Confidence
91% confidence
Finding
systemctl enable

Session Persistence

Medium
Category
Rogue Agent
Content
**Linux (systemd):**
```bash
# Create service file
sudo tee /etc/systemd/system/cua-server.service > /dev/null <<EOF
[Unit]
Description=CUA Computer Server
Confidence
89% confidence
Finding
Create service file

Session Persistence

Medium
Category
Rogue Agent
Content
**macOS (launchd):**
```bash
# Create a plist file
cat > ~/Library/LaunchAgents/com.cua.server.plist <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
Confidence
87% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
EOF

# Load the service
launchctl load ~/Library/LaunchAgents/com.cua.server.plist

# Start the service
launchctl start com.cua.server
Confidence
92% confidence
Finding
launchctl load

Session Persistence

Medium
Category
Rogue Agent
Content
EOF

# Load the service
launchctl load ~/Library/LaunchAgents/com.cua.server.plist

# Start the service
launchctl start com.cua.server
Confidence
92% confidence
Finding
plist

VirusTotal

66/66 vendors flagged this skill as clean.
