Security checks across malware telemetry and agentic risk
This skill openly provides broad system-control automation, but it also includes sensitive credential, camera, microphone, screen, network, and runtime installation capabilities that need review before use.
Install only if you intentionally want a powerful local Windows automation controller. Review commands before running them, avoid using it on sensitive screens or around private audio/video unless explicitly needed, do not expose live tokens or WiFi passwords in logs, and prefer a controlled virtual environment because it may install Python packages at runtime.
import pycaw
return pycaw
except ImportError:
subprocess.check_call([sys.executable, "-m", "pip", "install", "pycaw>=2.2.7,<3", "-q"])
import pycaw
return pycawimport sounddevice as sd
return sd
except ImportError:
subprocess.check_call([sys.executable, "-m", "pip", "install", "sounddevice>=0.5.0,<1", "-q"])
import sounddevice as sd
return sdimport psutil
return psutil
except ImportError:
subprocess.check_call([sys.executable, "-m", "pip", "install", "psutil>=5.9.8,<7", "-q"])
import psutil
return psutilreturn "", f"ERROR: Command blocked - contains '{blocked}'", -1
try:
result = subprocess.run(
cmd, shell=True, capture_output=True, text=True,
encoding="utf-8", errors="replace", timeout=timeout
)import bleak
return bleak
except ImportError:
subprocess.check_call([sys.executable, "-m", "pip", "install", "bleak>=0.22.0,<1", "-q"])
import bleak
return bleakimport cv2
return cv2
except ImportError:
subprocess.check_call([sys.executable, "-m", "pip", "install", "opencv-python-headless>=4.9.0.80,<5", "-q"])
import cv2
return cv2try:
# Use list-based invocation (no shell=True) for safety
result = subprocess.run(
["powershell.exe", "-NoProfile", "-NonInteractive", "-Command", full_script],
capture_output=True,
text=True,env["PYTHONIOENCODING"] = "utf-8"
try:
result = subprocess.run(
cmd_str,
capture_output=True,
text=True,return True
except ImportError:
print("Installing pyserial...")
subprocess.check_call(
[sys.executable, "-m", "pip", "install", "pyserial>=3.5,<4", "-q"],
stdout=subprocess.DEVNULL
)import psutil
return psutil
except ImportError:
subprocess.check_call([sys.executable, "-m", "pip", "install", "psutil>=5.9.8,<7", "-q"])
import psutil
return psutil48/48 vendors flagged this skill as clean.