nl2ms-ui

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Midscene UI automation skill, but its examples normalize sending real chat messages and automatically accepting permission or agreement prompts without clear user confirmation.

Install only if you intend to generate Midscene UI automation scripts and will review generated scripts before running them. Use test accounts, test devices, and sandbox URLs; do not run the provided messaging or permission-handling examples against production accounts unless you have explicit approval and have removed automatic consent behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence: 94%
Finding
The example script performs real side-effecting actions in a production messaging app, including launching the app, searching for a user, sending a message, and automatically accepting permission or agreement dialogs via the AI action context. Because this is presented as a reusable example without explicit warnings, sandboxing guidance, or safeguards, users may run it against real accounts/devices and unintentionally send messages or consent to prompts they did not review.

Missing User Warnings

High
Confidence: 98%
Finding
The example explicitly instructs the agent to automatically click through permission requests, user agreements, and even dismiss login screens without user confirmation. In an NL-to-script generation context, this normalizes unsafe automation that can grant sensitive permissions, accept legal terms, or bypass user awareness during execution on real devices.

Missing User Warnings

Medium
Confidence: 92%
Finding
The example script automates sending a real message to another user account without any warning, gating, or indication that it mutates external state. In a natural-language-to-script generation skill, this is dangerous because users may generate and run such scripts against production accounts, causing unintended communications, spam, or account/data modifications.

Missing User Warnings

High
Confidence: 98%
Finding
The automation context explicitly instructs the agent to click through permission, agreement, and consent dialogs automatically, which can bypass meaningful user consent and security/privacy prompts. In this skill context, where scripts are generated from natural language for UI automation, that behavior is especially risky because it normalizes auto-accepting potentially sensitive permissions in arbitrary apps.

Missing User Warnings

Medium
Confidence: 88%
Finding
The example script automates sending a message/emoji in a real chat application, which causes external side effects by modifying chat content. In a skill that converts natural language into executable UI automation scripts, providing message-sending examples without an explicit warning, confirmation requirement, or scope limitation increases the risk of accidental spam, misdelivery, or abuse at scale.

Missing User Warnings

Medium
Confidence: 89%
Finding
The example workflow performs an outbound action by sending a chat message, but it does not include any explicit user confirmation, warning, or safeguard before message transmission. In an agent skill that generates or demonstrates automation scripts, this can normalize or propagate patterns that trigger real external communications without adequate user awareness, increasing the risk of accidental messaging or misuse.

Ssd 4

Medium
Confidence: 97%
Finding
This context tells the agent to automatically consent to permission and agreement dialogs before continuing, which undermines informed consent and can silently enable access to location or other sensitive capabilities. Because the skill's purpose is to generate automation scripts across platforms, this unsafe default could be propagated broadly and reused in scenarios far beyond a controlled demo.

VirusTotal

65/65 vendors flagged this skill as clean.
