Back to skill

Security audit

Clawd Cursor 0.6.0

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate desktop automation skill, but it can start a hidden local controller with broad screen and app-control powers without asking first.

Review before installing. This skill is meant to control your desktop, so only use it if you are comfortable with an agent seeing your screen and operating apps. Prefer local Ollama mode for sensitive work, supervise use around email, banking, password managers, private messages, admin consoles, or purchases, and make sure you know exactly how the local controller starts and stops.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill’s invocation guidance is intentionally expansive: it encourages use for broad desktop, browser, cross-app, and settings tasks whenever other tools are unavailable. In the context of a desktop-control skill with screenshot access and the ability to operate arbitrary applications, overly broad activation criteria can cause the agent to choose GUI automation for sensitive workflows, increasing the chance of privacy violations, unintended side effects, or unsafe actions in high-impact apps.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to start a local server itself and does so with a hidden window (`Start-Process ... -WindowStyle Hidden`) while explicitly saying not to ask the user first. Even though the service binds to localhost, silently spawning a background process removes user awareness and consent, and it enables a high-privilege desktop automation component that can inspect the screen and interact with apps.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The setup section again directs the agent to start the desktop automation service itself via an exec tool using a hidden background process. Repeating this pattern in setup guidance normalizes covert process launch and increases the likelihood that an agent will enable powerful GUI-control capabilities without the user realizing a persistent local service has been started.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.