Security audit

Gui Control

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built rather than malicious, but it gives an agent broad desktop control and screenshot access without enough safeguards.

Install only if you intend to let an agent operate the visible desktop. Supervise use closely, avoid passwords, private messages, financial/account actions, deletion, posting, or purchases unless you explicitly approve each step, and be cautious with screenshot sharing and Telegram/Discord gateway use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill description is broadly scoped to common user actions like opening a browser, visiting a website, taking screenshots, and interacting with GUI applications, without clear guardrails for when it should or should not be invoked. In an agent environment, this can cause over-invocation of a powerful GUI automation skill, increasing the chance of unintended desktop interaction, navigation to untrusted content, or access to sensitive on-screen data.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly instructs the agent to take screenshots, read them, and send them to the user, but provides no warning or filtering for sensitive information that may be visible on the desktop. Because screenshots can capture passwords, personal data, messages, tokens, or unrelated application windows, this creates a direct data-exfiltration risk in a skill specifically designed for broad GUI access.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script can send arbitrary keystrokes to whatever window currently has focus, with no target validation, confirmation, or scope restriction. In a GUI-control skill, this creates real risk of unintended command execution, data entry into privileged prompts, or interaction with sensitive applications if focus is stolen or misidentified.

Missing User Warnings

Low
Confidence: 82%
Finding
The screenshot command captures the full GUI and writes it to disk, which can expose sensitive on-screen data such as credentials, tokens, personal information, or internal documents. Although screenshotting is part of the skill's purpose, saving to a predictable path in /tmp without warning or access controls increases the chance of unintended disclosure.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.