Skills
skills/malue-ai/dazee-small/claude-computer-use/Gen Agent Trust Hub

claude-computer-use

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill captures full-screen desktop screenshots and transmits them to Anthropic's cloud-based API. This behavior exposes any sensitive information visible on the screen, such as private documents, credentials, or open chat windows, to an external service.
  • [COMMAND_EXECUTION]: The skill dynamically executes system commands via subprocess.run using inputs provided by the AI model. It utilizes tools like cliclick and osascript on macOS to perform actions like typing and clicking, which can be exploited to execute arbitrary commands if the model is misled.
  • [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection.
  • Ingestion points: Desktop screenshots are captured in the screenshot() (macOS) and screenshot_win() (Windows) functions.
  • Boundary markers: None. The model processes the raw visual data of the entire screen without any markers to distinguish between system UI and potentially malicious content displayed on the screen.
  • Capability inventory: The skill has extensive local capabilities, including executing subprocesses (cliclick, osascript) and full keyboard/mouse control via pyautogui.
  • Sanitization: There is no sanitization or validation of the action inputs (like text or key) received from the model before they are executed at the system level.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 6, 2026, 04:19 PM