ClawHub

Win Mouse Native (Windows)

v1.0.0

Native Windows mouse control (move, click, drag) via user32.dll. Use when the user asks you to move the mouse, click, drag, or automate pointer actions on Windows.

5· 4.8k·16 current·17 all-time
by@lurklight
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description say 'native Windows mouse control' and the provided PowerShell + C# Add-Type code calls user32.dll (SetCursorPos, SendInput) to move and click the pointer — exactly what the skill claims. No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md tells the agent to save the provided .cmd/.ps1 text files and to exec the local `win-mouse` command. The instructions are narrowly scoped to gathering coordinates and invoking the local script; they do not instruct reading arbitrary files, contacting external endpoints, or collecting unrelated system data.
Install Mechanism
There is no automated install spec (instruction-only). The user/agent must save the provided scripts to disk and run them. The .cmd wrapper launches PowerShell with `-ExecutionPolicy Bypass` which is necessary to run the provided script but does relax script execution policy — verify the script contents before running.
Credentials
The skill requires no environment variables, credentials, or config paths. The code does not access network, secrets, or unrelated system config.
Persistence & Privilege
always is false and the skill is user-invocable. The skill runs local commands when invoked; autonomous invocation is permitted by default on the platform but that is normal. The skill does not attempt to persist itself or modify other skills/config.
Assessment
This skill appears to do exactly what it says: control the Windows mouse locally. Before installing/running it, manually inspect the provided win-mouse.ps1 contents (they are included) to confirm no modifications. Be aware it requires saving and executing scripts locally and the wrapper uses PowerShell with ExecutionPolicy Bypass — only run if you trust the source. Because it can emulate clicks and movements, do not run it with elevated (administrator) privileges unless necessary; consider testing in a VM or non-privileged account. If you are concerned about the agent invoking local commands autonomously, keep the skill user-invocable only or disable autonomous invocation at the platform level.

Like a lobster shell, security has layers — review code before you run it.

latestvk974mttd2yz43ew4j59dcbrn3d809azb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments