desktop-control

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These are direct raw GitHub links to shell/PowerShell install scripts (and an individual GitHub repo) and the skill explicitly instructs piping them into bash/iex — running unvetted remote scripts from a potentially unknown account is a high-risk vector for malware.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The documentation describes a legitimate desktop-automation tool but exposes multiple high-risk, easily abusable capabilities — stealth background input, screenshots and video capture, driving security/auth dialogs (Keychain/SecurityAgent), clipboard/paste injection into terminals, a long-running autostart daemon with a socket/remote-control surface and browser/CDP attach — plus a network installer pattern; these combine into clear vectors for credential theft, covert data exfiltration, persistence, and remote control if misused or accessed by an attacker.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's prerequisites explicitly fetch and execute remote installer scripts (curl -fsSL https://raw.githubusercontent.com/trycua/cua/main/libs/cua-driver/scripts/install.sh | bash and irm https://raw.githubusercontent.com/trycua/cua/main/libs/cua-driver/scripts/install.ps1 | iex) which run remote code and are required to install the driver used by the skill.