ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PC Master

v1.0.0

Control the Windows PC from WSL2. Use when the user asks to open/close applications, manage processes, take screenshots, control windows, manage files on Win...

0· 778·2 current·2 all-time
byAmine Rguig@amirgu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the behavior found in SKILL.md: all commands and examples are about interacting with Windows from WSL2 (launching apps, managing processes, screenshots, reading C:). No unrelated environment variables, binaries, or install steps are requested.
Instruction Scope
The instructions explicitly show how to run Windows executables and PowerShell from WSL2 and how to read and manipulate files under /mnt/c/. This is expected for the stated purpose but gives the agent the ability to perform sensitive actions (kill processes, read arbitrary files, take screenshots, launch arbitrary executables). The SKILL.md does not attempt to read unrelated system configs or exfiltrate data, but the described actions are powerful and privacy-sensitive.
Install Mechanism
Instruction-only skill with no install step or downloaded code. No files are written by an installer, which reduces surface area.
Credentials
No environment variables, credentials, or config paths are requested. The ability to access the Windows host comes from normal WSL interop rather than special credentials, which is proportionate to the stated purpose.
Persistence & Privilege
always is false and there is no self-install behavior. However, the platform default allows the agent to invoke the skill autonomously; because the skill enables host control, autonomous invocation increases blast radius. Consider requiring human confirmation before any destructive or privacy-sensitive actions.
Assessment
This skill does what it says: it teaches the agent how to run Windows binaries from WSL2 and how to manipulate files/processes and take screenshots on the Windows host. That capability is powerful and can be privacy-invasive or destructive (reading any file under C:, killing processes, launching executables, saving screenshots). Before installing: 1) only enable it if you trust the skill source/author (source is unknown here); 2) prefer user-invocable use and disable or restrict autonomous invocation for this skill so it cannot run without explicit approval; 3) require human confirmation for any action that reads files, takes screenshots, kills processes, or modifies system files; 4) consider running in a sandbox or test machine if you want to limit risk. Note: the registry scan found no code (instruction-only), but that only means there was nothing for the regex scanner to analyze — it does not guarantee safety.

Like a lobster shell, security has layers — review code before you run it.

latestvk974vb6pfs4c8bjrwzre674ft581jsny

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments