Windows Control
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill appears to do what it claims, but it gives an agent broad ability to read and operate your entire Windows desktop and logged-in apps with few built-in boundaries.
Treat this like giving the agent remote-control access to your Windows desktop. It is not showing hidden exfiltration or persistence, but it can see the screen and operate open apps as you. Use it only in a controlled session, close sensitive windows, and require confirmation before any account, file, financial, business, or destructive action.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could click the wrong button or perform high-impact actions in any open application, such as saving, submitting, accepting, or changing data.
When no window is specified, the script searches all visible windows and clicks the first matching enabled UI element. That is purpose-aligned desktop automation, but it is broad and has no built-in confirmation or app boundary.
else:
# Search all visible windows
windows = desktop.windows()
...
target['control'].click()Use only in a controlled desktop session, close sensitive apps first, and require explicit user approval before clicks, typing, dialog acceptance, or destructive changes.
Actions may be taken under the user's identity in already-authenticated apps, websites, files, or business tools.
The skill intentionally operates through the user's current desktop session, which can include logged-in applications and accounts. The artifacts do not define boundaries for which apps or accounts may be controlled.
Full Windows desktop control. Mouse, keyboard, screenshots - interact with any Windows application like a human.
Install only if you trust the agent with your active desktop session; consider using a separate Windows account, VM, or limited-permission environment.
Private messages, documents, credentials displayed on screen, or sensitive business data could be exposed to the agent's context.
The skill can capture the entire visible screen and return it to the agent context. This is disclosed and central to the skill, but it is broad and has no redaction or window-level restriction.
py screenshot.py > output.b64 Returns base64 PNG of entire screen.
Before use, hide or close sensitive windows and prefer targeted window-reading commands over full-screen screenshots when possible.
Users have less provenance information for deciding whether to trust code that can control their desktop.
The skill's origin and setup provenance are not documented in the registry metadata, which matters more for a high-impact desktop-control skill. No malicious installer or remote download is shown.
Source: unknown Homepage: none No install spec — this is an instruction-only skill.
Review the included scripts locally and install only from a trusted publisher or verified package source.