Trust Assessment
computer-use received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary Key Press Simulation Leading to Command Injection, Arbitrary Text Input Simulation Leading to Command Injection, and Full Desktop Control via `xdotool` Grants Broad System Access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary Key Press Simulation Leading to Command Injection.** The `key.sh` script directly passes user-controlled input (`$KEY`) to `xdotool key`. `xdotool key` can simulate complex key combinations, including those that can open application launchers (e.g., `alt+F2`), terminals, or trigger system-level actions. An attacker who can control the `$KEY` argument could craft a sequence of key presses to execute arbitrary commands on the host system. For example, simulating `alt+F2` followed by typing a command and pressing `Return` could lead to arbitrary code execution. Implement strict validation or a whitelist for allowed key combinations. If arbitrary key combinations are required, ensure the execution environment is sandboxed and isolated from sensitive resources. Consider adding a confirmation step for potentially destructive key combinations. | LLM | scripts/key.sh:13 |
| CRITICAL | **Arbitrary Text Input Simulation Leading to Command Injection.** The `type_text.sh` script directly passes user-controlled input (`$TEXT`) to `xdotool type`. `xdotool type` simulates typing arbitrary text. If an attacker can control the `$TEXT` argument, they could type malicious commands into an open terminal, a browser's address bar, or any other application that accepts text input, leading to arbitrary code execution or data exfiltration. Implement strict validation or sanitization of the input text. If arbitrary text input is required, ensure the execution environment is sandboxed and isolated. Consider adding a confirmation step for potentially destructive text inputs. | LLM | scripts/type_text.sh:20 |
| HIGH | **Full Desktop Control via `xdotool` Grants Broad System Access.** The skill's core functionality relies on `xdotool` to simulate mouse and keyboard input, providing full control over the desktop environment. This includes the ability to launch applications (e.g., terminal, browser), navigate the filesystem, and interact with any GUI application. While this is the intended purpose of the 'computer-use' skill, it grants the LLM extremely broad permissions on the host system. A compromised LLM could leverage these capabilities to perform malicious actions, including arbitrary code execution, data exfiltration, or system disruption, beyond the specific `key.sh` and `type_text.sh` vectors. Deploy the skill in a highly isolated and sandboxed environment (e.g., a dedicated virtual machine or container with strict resource limits and network egress filtering). Implement robust monitoring and auditing of all actions performed by the skill. Consider implementing human-in-the-loop approval for sensitive actions. | LLM | SKILL.md:1 |