easytouch-mcp

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill automatically manages the installation of browser binaries from a well-known service provider.
      • Evidence: In BrowserModule.cs, the skill invokes Microsoft.Playwright.Program.Main with the install command to download Chromium, Firefox, or WebKit browsers from Microsoft's official Playwright distribution channels during the first execution of browser tools.
  • [COMMAND_EXECUTION]: The skill utilizes a wide range of system commands and hardware-level APIs to perform desktop automation across Windows, Linux, and macOS.
      • Evidence: On macOS, it uses osascript (AppleScript) for GUI control and screencapture for imaging. On Linux, it relies on utilities like xdotool, wmctrl, and xrandr. On Windows, it leverages the Win32 API for direct hardware interaction, including mouse events and key strokes.
  • [REMOTE_CODE_EXECUTION]: The skill provides tools capable of executing local files, which could be leveraged for code execution if a malicious file is first placed on the system by the agent.
      • Evidence: The browser_run_script tool executes a local script path using the Playwright test runner.
      • Evidence: In SystemModule.cs (Windows), the process_start tool can launch any executable file provided via a file name and arguments.
  • [PROMPT_INJECTION]: The skill exposes a significant attack surface for indirect prompt injection due to its diverse data ingestion capabilities combined with powerful system-level tools.
      • Ingestion points: The skill can ingest potentially malicious instructions from the system clipboard (clipboard_get_text), scraped browser page content (browser_get_text), and application window titles (window_list).
      • Boundary markers: There are no enforced boundary markers or specific "ignore embedded instructions" warnings in the skill documentation or logic when the agent processes data retrieved via these tools.
      • Capability inventory: The skill provides an extensive suite of system-level capabilities, including full GUI control (mouse/keyboard), screen capture, process management, and browser-based scripting.
      • Sanitization: Basic escaping is applied to character input in modules like KeyboardModule.cs, but the skill primarily relies on the AI agent's internal safety guardrails when handling content fetched from the desktop environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 25, 2026, 01:35 AM