Kc Gui

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This skill asks the agent to run an unreviewed Windows GUI automation wrapper, and its promised app whitelist does not match the included examples and configuration.

Treat this as a Review item. Before installing, verify the missing kc.exe and run_kc.ps1 source, confirm the real app whitelist, remove broad targets like browser unless explicitly needed, disable unexplained scheduling, and avoid using it on sensitive desktop screens or accounts until its data flow and permissions are documented.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The GUI agent could potentially operate outside the narrow app list the user is told to trust, including a browser or the agent application itself.

Why it was flagged

The configured process whitelist includes broad or unexpected targets such as browser and QClaw, which conflicts with the documented claim that only the eight named entertainment/meeting apps are allowed.

Skill content

processes = ["QQMusic", "WeMeetApp", "QClaw",  "wegame" ,"browser" , "cloudmusic", "steam","steamwebhelper" ...]

Recommendation

Do not install unless the actual whitelist implementation is verified and narrowed to the documented applications; remove broad entries such as browser unless they are explicitly intended and safe.

What this means

A user or agent could be misled about what the skill is allowed to control, increasing the chance of unsafe desktop actions.

Why it was flagged

The documentation promises a strict immutable whitelist but also gives examples targeting applications and system areas it later says must be refused.

Skill content

This whitelist is hardcoded and immutable ... Task Examples: "open Calculator...", "in Settings...", "open File Explorer...", "open Word..."

Recommendation

Fix the documentation so examples and enforcement rules match exactly, and require explicit user confirmation before any GUI action that changes files, settings, accounts, or public content.

What this means

Installing this could cause the agent to execute unreviewed local automation code with control over the Windows desktop.

Why it was flagged

The skill requires running a PowerShell wrapper and bundled executable, but the provided manifest contains only SKILL.md and config.toml, so the executable/script provenance and behavior cannot be reviewed.

Skill content

Windows desktop GUI automation agent powered by `kc.exe` ... Start-Process ... -ExecutionPolicy Bypass -File "<skill_dir>/scripts/run_kc.ps1"

Recommendation

Only use a package that includes the referenced executable and script from a trusted source, with hashes/signatures and reviewed behavior.

What this means

The user may need to provide a sensitive provider API key even though the registry metadata does not clearly declare that requirement.

Why it was flagged

The configuration expects an OpenAI-compatible API key, while the registry requirements declare no primary credential or required environment variables.

Skill content

model_provider = "openai"
api_key = ""
base_url = ""

Recommendation

Use a revocable, least-privilege API key if possible, avoid pasting unrelated credentials, and confirm where the key is stored.

What this means

Screen contents from whitelisted applications could potentially be processed by an external provider, which may expose private meeting, media, account, or browsing information.

Why it was flagged

The GUI automation configuration appears designed to use an external model provider, but the artifacts do not clearly describe what screenshots, on-screen text, or task data may be sent.

Skill content

model_provider = "openai"
multimodal_name = ""
api_key = ""

Recommendation

Do not use this on sensitive screens unless the data flow is documented; verify provider settings, retention terms, and what visual data is transmitted.

Note, Medium Confidence

ASI10: Rogue Agents

What this means

There may be background or scheduled behavior that the user is not clearly told about.

Why it was flagged

A scheduler is enabled in the default configuration, but SKILL.md does not explain what is scheduled or whether anything can run outside the immediate user-requested task.

Skill content

[scheduler]
enabled = true

Recommendation

Clarify or disable the scheduler by default unless scheduling is required, visible, and under explicit user control.