ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

windows-automation

v1.0.0

Automate Windows desktop tasks by launching apps, capturing screenshots, and simulating mouse and keyboard actions via PowerShell and Python scripts.

0· 59·0 current·0 all-time
by@xiaodu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included Python scripts (app launcher, screenshot, mouse, keyboard). The required actions (launch apps, capture screen, simulate input, list/kill processes) are appropriate for a Windows automation/RPA skill.
Instruction Scope
SKILL.md instructs the agent to run the local scripts and use PowerShell to list processes, capture windows, and save screenshots to the user's Desktop. Those actions are expected for automation but are sensitive (process enumeration, screenshots, simulated input). Instructions do not attempt to read unrelated config or secrets and do not transmit data externally.
Install Mechanism
No install spec or remote downloads are present; the skill is instruction-plus-local-scripts only. All code is included in the bundle, so there is no hidden remote install risk.
Credentials
The skill requests no environment variables or credentials. It performs filesystem writes (saving screenshots) and queries OS process/window state — these are proportional to its stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges in metadata. Some operations (killing processes, controlling other apps) may prompt for administrator rights on Windows; also, because the platform allows autonomous invocation by default, consider the risk that an agent could run these actions without explicit consent.
Assessment
This skill appears internally consistent for Windows desktop automation, but it can perform sensitive actions (take screenshots, enumerate processes, simulate mouse/keyboard, kill processes). Before installing: (1) review the included Python files yourself (they’re present and readable), (2) run the skill in a test or sandboxed Windows account/VM first, (3) avoid granting administrator privileges unless you trust the code, (4) restrict or review any agent autonomy so the agent cannot run desktop-control commands without your confirmation, and (5) prefer skills with clear source/homepage provenance — this package has unknown origin.

Like a lobster shell, security has layers — review code before you run it.

latestvk974mj8wyx2fswwsnx7765r92d83k1pm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments