Win Control
Security checks across malware telemetry and agentic risk
Overview
This skill needs review because it points users to unavailable PowerShell scripts that could control the Windows desktop and send messages from a logged-in DingTalk account.
Install only if you intentionally want Windows desktop RPA control. Before running commands, inspect the actual PowerShell scripts from the installed location, confirm the active window, coordinates, recipient, and message, and avoid using it on sensitive or production accounts without manual review.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.