Win Control
v1.0.0
Control Windows mouse clicks and keyboard inputs via PowerShell scripts, supporting text, shortcuts, and customizable click actions.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description say it controls mouse and keyboard via PowerShell scripts, which matches the commands in SKILL.md. However, the bundle contains no scripts or install step; all commands reference scripts under skills/win-control/scripts/*.ps1 (and an absolute example path under a user's .openclaw workspace). Requiring external scripts that are not packaged or installed is an incoherence: either the skill expects files to already exist on the host or the distributor omitted them.
Instruction Scope
SKILL.md instructs running PowerShell with -ExecutionPolicy Bypass to execute scripts that simulate mouse/keyboard and an RPA script to interact with DingTalk. That behavior is consistent with the stated purpose, but these commands will operate on the active window, send keystrokes, and can send messages to contacts (rpa-dingtalk-smart.ps1). Running arbitrary PowerShell (ExecutionPolicy Bypass) is powerful — expected for this task but high-risk if the underlying scripts are unreviewed or come from an untrusted source.
Install Mechanism
There is no install spec (instruction-only), which minimizes automated install risk. However, because no scripts are shipped, the skill as-distributed cannot function without external script files; this missing-install mismatch is a concern for coherence (it increases the chance a user or agent will fetch/execute scripts from other locations).
Credentials
The skill does not request environment variables, credentials, or config paths. That is proportionate to its described functionality (local automation) — there are no unexplained secret requests in the metadata or instructions.
Persistence & Privilege
always is false and there is no install step that modifies other skills or global agent settings. The skill uses commands that the agent may invoke (default autonomous invocation allowed), which is normal. Note: the use of PowerShell with ExecutionPolicy Bypass can elevate the risk of local script execution if combined with external or unreviewed code.
What to consider before installing
This skill appears to do what it says (automate Windows input) but the package contains only documentation and no PowerShell scripts; installing it as-is will require you (or the agent) to obtain the referenced .ps1 files from elsewhere. Before using or allowing autonomous invocation:
1) do not run scripts you haven't inspected — request the actual .ps1 files and review their contents for network calls, credentials access, or commands that perform I/O or spawn other processes;
2) be cautious with examples that use -ExecutionPolicy Bypass and absolute paths (these can run arbitrary code and may target user home directories);
3) test in an isolated VM or non-production account first;
4) if you only need to send messages to a service like DingTalk, prefer an API-based integration (which will require explicit credentials) rather than UI automation; and
5) if you want to proceed, ask the publisher to provide the scripts (or a trusted install mechanism) and ensure the skill package includes them so behavior is auditable.
Like a lobster shell, security has layers — review code before you run it.
latest
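Windows Mouse and Keyboard Control
Features
Control Windows mouse and keyboard operations via PowerShell scripts.
Available Commands
Mouse Control
# Click the mouse
powershell -ExecutionPolicy Bypass -File skills/win-control/scripts/mouse-click.ps1 -X 500 -Y 300 -ClickType Left
Keyboard Control
# Send text
powershell -ExecutionPolicy Bypass -File skills/win-control/scripts/send-keys.ps1 -Text "Hello World"
# Send shortcut keys
powershell -ExecutionPolicy Bypass -File skills/win-control/scripts/send-keys.ps1 -Keys "CTRL+C,CTRL+V"
Supported Shortcut Keys
- ENTER, ESC, TAB
- CTRL+C, CTRL+V, CTRL+A
- ALT+TAB, WIN
- F1-F12
- BACKSPACE, DELETE, HOME, END
⚠️ Security Notes
- Mouse and keyboard control may interfere with whatever you are currently doing
- Verify in a test environment first
- Avoid automating critical operations in production environments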
