GUI Automation

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed desktop-control skill with powerful but purpose-aligned capabilities and no evidence of hidden installation, persistence, exfiltration, or destructive behavior.

Install only if you intend to let an agent control your desktop. Run the CUA server temporarily, keep it bound to localhost, stop it when finished, avoid sensitive windows during screenshots or typing, and confirm any action that saves files, submits forms, or changes application state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 93%
Finding
The example invocation phrases are generic natural-language requests like taking screenshots, opening Firefox, typing text, and clicking the screen. In a desktop-control skill with powerful side effects, broad trigger phrases increase the chance of accidental or overly permissive activation, which can cause unintended desktop actions, data entry, or disclosure from screenshots.

Missing User Warnings

Medium
Confidence: 88%
Finding
The text editor demo includes saving a file to disk, which modifies user data, but the surrounding documentation does not clearly warn that this skill can create or overwrite files through GUI automation. Because the skill controls the user's desktop, even seemingly harmless save operations may alter important documents or persist unintended data.

VirusTotal

65/65 vendors flagged this skill as clean.
