ClawHub

HiDPI Mouse

Security checks across malware telemetry and agentic risk

Overview

This skill gives an agent real Linux desktop mouse control, but the behavior is disclosed, purpose-aligned, and not hiding exfiltration or destructive behavior.

Install only if you are comfortable allowing an agent to move, click, and drag on your live Linux/X11 desktop. Supervise use on sensitive screens, verify coordinates before important actions, and avoid running the scripts with elevated privileges.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose is narrowly framed as HiDPI coordinate conversion, but the described interfaces also enable broader desktop automation behaviors such as focusing windows, clicking relative to windows, and issuing raw absolute clicks. That mismatch is security-relevant because reviewers or downstream agents may trust the limited description while invoking actions that can interact with arbitrary applications and bypass the claimed safety boundary of screenshot-to-screen coordinate conversion.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill documentation presents commands as routine utilities without clearly warning that they cause real mouse movement, clicks, double-clicks, right-clicks, and drag actions on the live desktop. In an agent-driven environment, that omission increases the chance of unsafe invocation against sensitive UI elements, causing unintended state changes, approvals, deletions, or data disclosure.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The script writes a cache file to a fixed path under /tmp, which is a shared world-writable directory. Even though the cached value is not highly sensitive, using a predictable filename can enable symlink or clobbering issues, allowing another local user or process to influence the script's behavior or overwrite an unintended file if the script runs with elevated privileges.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal