Windows Remote
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with a destructive command or the wrong path, the agent could change, delete, upload, or download files on the configured Windows machine.
The skill intentionally exposes arbitrary remote command execution and file upload/download paths. This is purpose-aligned for remote administration, but users should treat it as powerful.
scripts/win-exec.sh "<command>" scripts/win-upload.sh <local-file> <remote-path> scripts/win-download.sh <remote-path> <local-file>
Use this only for trusted hosts, review commands before destructive actions, and consider adding explicit approval rules for uploads, downloads, service changes, or deletion commands.
Commands may be sent to the wrong machine or a man-in-the-middle host without the normal SSH warning, especially on untrusted networks.
The script disables SSH host-key verification while executing remote commands, which weakens protection against connecting to a spoofed or unexpected host.
-o "StrictHostKeyChecking=no"
...
ssh "${SSH_OPTS[@]}" "${USER}@${HOST}" "$COMMAND"Remove StrictHostKeyChecking=no, pre-populate known_hosts for the intended Windows host, or use a safer policy such as verified host keys before allowing command execution.
The agent can act with whatever privileges the configured SSH account has on the remote Windows machine.
The skill uses an SSH account and local private key, and its example uses an Administrator account. This is expected for remote Windows control but grants significant authority.
"WINDOWS_SSH_USER": { "description": "SSH username", "required": true, "example": "Administrator" }
...
"WINDOWS_SSH_KEY": { "description": "Path to SSH private key (default: ~/.ssh/id_ed25519)" }Use a dedicated, least-privilege SSH account and key where possible; avoid Administrator unless required, and protect the private key carefully.
Users have less external context for maintainer identity, updates, or issue reporting.
The registry metadata does not identify a source repository or homepage, so provenance is limited even though the included scripts are visible.
Source: unknown Homepage: none
Review the included scripts before use and prefer installing remote-control skills from a source you trust.