v1.0.0

Windows Control

Review
ClawScan verdict for this skill. Analyzed May 1, 2026, 5:16 AM.

Analysis

The skill is coherent and not visibly malicious, but it gives an agent broad ability to see and control the entire Windows desktop, so it deserves careful review before installation.

Guidance

Install this only if you intentionally want an agent to see and control your Windows desktop. Prefer using a dedicated VM or Windows profile, close sensitive apps and websites, and require manual approval before clicks, typing, hotkeys, Save/Submit/Yes actions, or dialog handling.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
scripts/click_element.py
    else:
        # Search all visible windows
        windows = desktop.windows()
...
    # Click the first matching element
    target = candidates[0]
    target['control'].click()

If no window is specified, this click tool searches every visible window and clicks the first matching UI element, which creates a real risk of acting in the wrong application or approving an unintended action.

User impact: An agent could click, type, press hotkeys, close windows, or confirm dialogs in any open app, including apps with important files or signed-in accounts.
Recommendation: Use only with explicit user approval for high-impact actions, specify target windows whenever possible, and avoid allowing autonomous clicks, typing, or dialog confirmations in sensitive applications.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Source: unknown
Homepage: none

The artifact provides limited provenance for a tool that can control the desktop, even though the included code is visible and no remote installer is shown.

User impact: Users have less external context for who maintains the skill or where to verify updates and documentation.
Recommendation: Review the included scripts before use and install only from a trusted registry/source, especially because the skill controls the local desktop.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Full Windows desktop control. Mouse, keyboard, screenshots - interact with any Windows application like a human.

The skill is explicitly designed to act through the user's Windows desktop, so it can inherit whatever access the user already has in open local apps and browser sessions.

User impact: Actions taken through this skill may be treated by applications and websites as actions by the user.
Recommendation: Consider running it only in a dedicated Windows profile, VM, or non-sensitive session, and log out of accounts or close applications that the agent should not access.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
scripts/screenshot.py
screenshot = pyautogui.screenshot()
...
print(img_base64)

The screenshot tool captures the full screen and returns it to the agent context, which can include private messages, documents, passwords shown on screen, or other sensitive information.

User impact: Sensitive on-screen content may be read by the agent, and webpage or window text brought into context could influence later actions if over-trusted.
Recommendation: Close or hide sensitive windows before use, avoid displaying secrets, and treat captured webpage or UI text as untrusted input rather than instructions.