Back to skill

Security audit

Windows UI Automation

Security checks across malware telemetry and agentic risk

Overview

This skill openly gives an agent live control of the Windows mouse and keyboard, which fits its purpose but needs review because actions are not bounded to a verified target window.

Install only if you intentionally want an agent to operate your live Windows desktop. Keep sensitive apps closed or unfocused, verify the target window with screenshots or active-window checks, and require explicit confirmation before clicks or keystrokes that could submit, delete, purchase, send, approve prompts, or change settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill enables direct desktop input injection through mouse movement, clicks, and keyboard events, but it does not prominently warn that actions may target the wrong window, interfere with active user sessions, or unintentionally modify or submit data. In a UI automation skill, this omission is materially risky because focus changes, pop-ups, or timing issues can cause keystrokes and clicks to land in unintended applications with real side effects.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends arbitrary keystrokes directly to whichever window currently has focus, with no validation, confirmation, or binding to a specific trusted application. In a GUI automation skill, this can cause unintended or attacker-influenced actions such as approving prompts, entering commands, sending messages, or interacting with privileged windows if focus is stolen or changes unexpectedly.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This script performs direct mouse movement and click injection against the Windows desktop without any built-in confirmation, target validation, or user visibility controls. In an agent context, that is dangerous because it can trigger unintended or unauthorized actions in privileged desktop applications, making prompt-injection or task-confusion attacks materially easier to weaponize.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.