Pywayne Gui

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Windows GUI automation guide whose powerful desktop-control features match its stated purpose.

Install it only in a trusted Python environment, confirm the exact target window before automating actions, avoid running as administrator unless necessary, and stop the global hotkey listener when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The documentation demonstrates programmatic window closing as part of automation without warning that unsaved work may be lost or that the target application may prompt for confirmation. In a GUI automation skill, users may copy examples directly into workflows that act on arbitrary windows, making accidental destructive actions more likely.

Missing User Warnings

Low

Confidence: 78% confidence
Finding: The examples document global hotkey registration and system-wide GUI control without clearly warning that these capabilities monitor input globally and can manipulate other applications. Although this is expected functionality for the skill, missing safety guidance can lead to privacy surprises, unintended interception of user actions, or misuse in sensitive desktop contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal