Windows Control
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill openly provides full Windows desktop control, but its unscoped ability to see and operate any app makes it high-impact and worth careful review.
Install only if you intentionally want an agent to control your Windows desktop. Use it in a dedicated or supervised session, keep sensitive apps closed, and require confirmation before actions that save, submit, delete, purchase, send messages, approve dialogs, or change accounts/files.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent invokes these tools incorrectly or too autonomously, it could click, type, save, submit, or close content in the wrong application.
The skill intentionally exposes raw desktop-control tools for any Windows application, but the artifacts do not describe approval gates, target allowlists, sandboxing, or limits before high-impact actions.
Full Windows desktop control. Mouse, keyboard, screenshots - interact with any Windows application like a human.
Use only in a trusted, supervised desktop session. Prefer requiring explicit confirmation before clicks, typing, dialog approvals, account actions, file changes, purchases, or public posts.
The agent may be able to act through applications where the user is already signed in, such as browsers, editors, chat apps, business tools, or admin consoles.
When no target window is provided, the click-by-element workflow searches all visible windows, so actions can cross application and account boundaries within the user's logged-in session.
else:
# Search all visible windows
windows = desktop.windows()Restrict use to a dedicated test desktop or require the agent to target a specific window and get confirmation before acting in logged-in or sensitive applications.
Private information visible on the screen or in open windows may enter the agent context, and untrusted webpage or app text could influence later agent reasoning if not treated carefully.
The skill can capture the entire visible screen and return it to the agent as image data; related scripts also extract window and browser UI text.
screenshot = pyautogui.screenshot()
Close or hide sensitive windows before use, avoid using it around secrets or private messages, and treat extracted webpage/app text as untrusted content.
Users may need to install Python GUI automation dependencies themselves and should make sure they come from trusted sources.
The package includes local scripts but lacks source provenance, a homepage, and a declared install process, making dependency and origin verification less clear.
Source: unknown Homepage: none Install specifications: No install spec
Verify the publisher and dependencies before installing, and prefer pinned, documented setup steps for pyautogui, pywinauto, pygetwindow, Pillow, and optional OCR tooling.