Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Windows Host UI Bridge

v1.0.1

Bridge: Cross-OS UI automation for Windows Host

by Minhao Wang (@2059247714)

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The skill claims to operate from a Linux (WSL2) environment to control the Windows host, so needing /mnt/c/Windows/System32/cmd.exe is coherent. However, the SKILL metadata also lists 'node' as a required binary on the Linux side, while the runtime template explicitly invokes the Windows-side npx (C:\PROGRA~1\nodejs\npx.cmd). Requiring a Linux 'node' binary appears unnecessary or inconsistent with the provided command template.
Instruction Scope
Instructions tell the agent to invoke the Windows cmd.exe to run a Windows npx command that pulls and runs @midscene/computer@1 with a user-provided prompt. The document prescribes sanitizing action_prompt by removing a small set of characters (;, &, |, $, >), but this list is incomplete: it does not address quotes, backticks, percent expansion, carets, newlines, Windows-specific escapes, and so on. Because the agent is instructed to execute commands on the Windows host, insufficient sanitization and reliance on a short blacklist meaningfully increase the risk of command injection or unintended host actions.
Install Mechanism
There is no install spec, but the runtime template uses npx to fetch and execute @midscene/computer@1 at runtime. That means arbitrary code will be downloaded from the npm registry (or whatever registry npx uses) and executed on the Windows host. The skill provides no provenance, checksum, or pinned release; dynamic npx execution of an unvetted package is high-risk and effectively functions as a runtime install of unreviewed code.
Credentials
The skill requests no environment variables or credentials, which is consistent with a UI-automation bridge. However, it implicitly requires access to the Windows host filesystem and command execution (/mnt/c/Windows/System32/cmd.exe). The absence of any declared Windows-side configuration or provenance for the remote package (and the unnecessary Linux 'node' requirement) is noteworthy but not strictly contradictory.
Persistence & Privilege
The skill is not marked 'always', but it allows normal autonomous invocation. Autonomous invocation combined with the ability to run arbitrary Windows commands and to npx-install and execute remote packages increases the potential blast radius. Autonomous invocation alone is normal, but here it amplifies the risk because runtime behavior includes remote code execution on the host.
What to consider before installing

  • This skill instructs the agent to run Windows cmd.exe from WSL and to call npx to fetch and run the package @midscene/computer@1 on the Windows host. That means it will download and execute code on your Windows machine at runtime; treat that like installing software from an untrusted source.
  • The SKILL.md asks the agent to 'sanitize' prompts by removing a few characters, but the blacklist is incomplete. Malicious or malformed input could still trigger arbitrary commands on the host.
  • There is an explicit mismatch: the skill declares 'node' as a required binary on the Linux side but the runtime command uses a Windows npx path. Ask the author why a Linux node is required or whether the template is accurate.
  • If you consider using this skill: require the package author to provide provenance (repository, homepage, signed release, checksum), avoid runtime npx of unpinned packages, and prefer a vetted binary or an explicit install step you control. Limit autonomous invocation (require explicit user confirmation), test in an isolated disposable WSL/Windows environment, and audit the @midscene/computer package source before granting access.
  • If you cannot verify the remote package and the author's intent, treat the skill as high-risk and avoid installing it on production machines.


Runtime requirements

OS: Linux
Bins: /mnt/c/Windows/System32/cmd.exe, node
Tags: automation, latest, windows, wsl2

98 downloads · 0 stars · 2 versions · Updated 3w ago · v1.0.1 · MIT-0 · Linux

Windows Host Bridge Control

This skill is dedicated to pass-through control of instruments on the Windows host from within a WSL2 environment.

🛡️ Security Compliance Protocol (Security Protocol)

  1. Known tools: this skill explicitly invokes the host's cmd.exe and npx for compliant automation.
  2. Input sanitization: before constructing the command, the Agent must remove illegal characters (such as ;, &, |, $, >) from action_prompt to prevent command injection.
  3. Isolated execution: this skill is limited to UI visual operations and does not involve reading sensitive files.

⚙️ Execution Logic

When the Windows UI needs to be operated, the following parameter construction must be followed strictly:

  • Host shell: /mnt/c/Windows/System32/cmd.exe /C
  • Node path: C:\PROGRA~1\nodejs\npx.cmd (the 8.3 short path is mandatory, to avoid parsing errors caused by the space in "Program Files")
  • Core component: @midscene/computer@1

Standard command template:

Run the following atomic command with the system exec tool:
  /mnt/c/Windows/System32/cmd.exe /C "C:\PROGRA~1\nodejs\npx.cmd @midscene/computer@1 act --prompt \"{{action_prompt}}\""
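An added example, not part of the listing or of the skill itself: a Python check a reviewer could run to see which cmd.exe metacharacters the skill's five-character blacklist (Security Protocol item 2) lets through, next to an allowlist validator used as the gate before the template above is filled in. The allowlist vocabulary is an assumption derived from the skill's scenario prompts; the list of cmd.exe metacharacters follows the scan report.

```python
import re

# The five characters the skill's SKILL.md tells the agent to strip from action_prompt.
SKILL_BLACKLIST = set(";&|$>")

# Characters that still carry meaning once cmd.exe /C re-parses the quoted string, none
# of which the blacklist covers: a quote ends the --prompt argument, % expands variables,
# ^ is the escape character, < redirects input, a newline ends the command. The backtick
# is included because the scan report lists it as a gap.
CMD_META = set('"%^<`\n\r')

def blacklist_sanitize(prompt: str) -> str:
    """Mirror of the skill's documented sanitization: drop only the listed characters."""
    return "".join(ch for ch in prompt if ch not in SKILL_BLACKLIST)

def blacklist_misses(prompt: str) -> set:
    """Which cmd.exe metacharacters survive the skill's blacklist for this prompt."""
    return {ch for ch in blacklist_sanitize(prompt) if ch in CMD_META}

# Hardened gate (assumption: UI prompts like the skill's scenario examples only need
# letters, digits, spaces and plain punctuation). Anything else is rejected, not stripped.
ALLOWED = re.compile(r"[A-Za-z0-9 ,.'()\-]{1,200}")

def strict_validate(prompt: str) -> bool:
    """True only if every character is in the allowlist and the length is bounded."""
    return ALLOWED.fullmatch(prompt) is not None

def build_command(prompt: str) -> list:
    """argv for the skill's template, built only after the prompt passes the allowlist.
    cmd.exe /C re-parses the third element, so quoting alone is not a safety boundary."""
    if not strict_validate(prompt):
        raise ValueError("action_prompt rejected by allowlist")
    return [
        "/mnt/c/Windows/System32/cmd.exe", "/C",
        f'C:\\PROGRA~1\\nodejs\\npx.cmd @midscene/computer@1 act --prompt "{prompt}"',
    ]

if __name__ == "__main__":
    # First prompt is one of the skill's scenarios; the second is a constructed bad input.
    for p in ["Click the 'Read' button in software and wait for completion.",
              'Click "OK" %PATH%']:
        print(repr(p), "blacklist leaves:", blacklist_misses(p),
              "allowlist accepts:", strict_validate(p))
```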

Scenarios

  • Read data: "Click the 'Read' button in software and wait for completion."
  • Environment check: "Take a screenshot of the main display and identify the active window."
  • Coordinate operation: "Move the mouse cursor to the center of the screen."

⚠️ Troubleshooting

  • If the error "C:\Program is not recognized" appears, check that the PROGRA~1 path was used exactly.
  • If "Permission Denied" appears, make sure developer mode is enabled on the Windows side and external calls are allowed.
