Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Win Control
v1.0.0Control Windows mouse clicks and keyboard inputs via PowerShell scripts, supporting text, shortcuts, and customizable click actions.
⭐ 0· 55·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description say it controls mouse and keyboard via PowerShell scripts, which matches the commands in SKILL.md. However, the bundle contains no scripts or install step; all commands reference scripts under skills/win-control/scripts/*.ps1 (and an absolute example path under a user's .openclaw workspace). Requiring external scripts that are not packaged or installed is an incoherence: either the skill expects files to already exist on the host or the distributor omitted them.
Instruction Scope
SKILL.md instructs running PowerShell with -ExecutionPolicy Bypass to execute scripts that simulate mouse/keyboard and an RPA script to interact with DingTalk. That behavior is consistent with the stated purpose, but these commands will operate on the active window, send keystrokes, and can send messages to contacts (rpa-dingtalk-smart.ps1). Running arbitrary PowerShell (ExecutionPolicy Bypass) is powerful — expected for this task but high-risk if the underlying scripts are unreviewed or come from an untrusted source.
Install Mechanism
There is no install spec (instruction-only), which minimizes automated install risk. However, because no scripts are shipped, the skill as-distributed cannot function without external script files; this missing-install mismatch is a concern for coherence (it increases the chance a user or agent will fetch/execute scripts from other locations).
Credentials
The skill does not request environment variables, credentials, or config paths. That is proportionate to its described functionality (local automation) — there are no unexplained secret requests in the metadata or instructions.
Persistence & Privilege
always is false and there is no install step that modifies other skills or global agent settings. The skill uses commands that the agent may invoke (default autonomous invocation allowed), which is normal. Note: the use of PowerShell with ExecutionPolicy Bypass can elevate the risk of local script execution if combined with external or unreviewed code.
What to consider before installing
This skill appears to do what it says (automate Windows input) but the package contains only documentation and no PowerShell scripts; installing it as-is will require you (or the agent) to obtain the referenced .ps1 files from elsewhere. Before using or allowing autonomous invocation: 1) do not run scripts you haven't inspected — request the actual .ps1 files and review their contents for network calls, credentials access, or commands that perform I/O or spawn other processes; 2) be cautious with examples that use -ExecutionPolicy Bypass and absolute paths (these can run arbitrary code and may target user home directories); 3) test in an isolated VM or non-production account first; 4) if you only need to send messages to a service like DingTalk, prefer an API-based integration (which will require explicit credentials) rather than UI automation; and 5) if you want to proceed, ask the publisher to provide the scripts (or a trusted install mechanism) and ensure the skill package includes them so behavior is auditable.Like a lobster shell, security has layers — review code before you run it.
latestvk9737g2ryj9m708dv9ns9yk7vh84ge8s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.