📦 Windows Host UI Bridge — 跨OS界面自动化
v1.0.1在 Windows 主机与跨系统 UI 之间建立桥梁,实现远程桌面、窗口捕捉、控件识别与自动化操作,支持脚本录制回放,方便开发者跨平台调试 Windows 应用界面。
0· 98·0 当前·0 累计
by 下载技能包
最后更新
2026/3/27
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
What to consider before installing:
- This skill instructs the agent to run Windows cmd.exe from WSL and to call npx to fetch and run the package @midscene/computer@1 on the Windows host. That means it will download and execute code on your Windows machine at runtime — treat that like installing software from an untrusted source.
- The SKILL.md asks the agent to ‘sanitize’ prompts by removing a few characters, but the blacklist is incomplete. Malicious or malformed input could still trigger arbi...详细分析 ▾
⚠ 用途与能力
The skill claims to operate from a Linux (WSL2) environment to control the Windows host and therefore needing /mnt/c/Windows/System32/cmd.exe is coherent. However, the SKILL metadata also lists 'node' as a required binary on the Linux side while the runtime template explicitly invokes the Windows-side npx (C:\PROGRA~1\nodejs\npx.cmd). Requiring a Linux 'node' binary appears unnecessary or inconsistent with the provided command template.
⚠ 指令范围
Instructions tell the agent to invoke the Windows cmd.exe to run a Windows npx command that pulls and runs @midscene/computer@1 with a user-provided prompt. The document prescribes sanitizing action_prompt by removing a small set of characters (;,&,|,$,>), but this list is incomplete (fails to address quotes, backticks, percent expansion, carets, newlines, Windows-specific escapes, etc.). Because the agent is instructed to execute commands on the Windows host, insufficient sanitization and reliance on a short blacklist meaningfully increases the risk of command injection or unintended host actions.
⚠ 安装机制
There is no install spec, but the runtime template uses npx to fetch and execute @midscene/computer@1 at runtime. That means arbitrary code will be downloaded from the npm registry (or whatever registry npx uses) and executed on the Windows host. The skill provides no provenance, checksum, or pinned release; dynamic npx execution of an unvetted package is high-risk and effectively functions as a runtime install of unreviewed code.
ℹ 凭证需求
The skill requests no environment variables or credentials, which is consistent with a UI-automation bridge. However, it implicitly requires access to the Windows host filesystem and command execution (/mnt/c/Windows/System32/cmd.exe). The absence of any declared Windows-side configuration or provenance for the remote package (and the unnecessary Linux 'node' requirement) is noteworthy but not strictly contradictory.
⚠ 持久化与权限
The skill is not marked 'always', but it allows normal autonomous invocation. Autonomous invocation combined with the ability to run arbitrary Windows commands and to npx-install and execute remote packages increases the potential blast radius. Autonomous invocation alone is normal, but here it amplifies the risk because runtime behavior includes remote code execution on the host.
安全有层次,运行前请审查代码。
运行时依赖
🖥️ OSLinux
版本
latestv1.0.12026/3/27
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install win-bridge-control
镜像加速npx clawhub@latest install win-bridge-control --registry https://cn.longxiaskill.com