← Back to Skills Marketplace
2059247714

Windows Host UI Bridge

by Minhao Wang · GitHub ↗ · v1.0.1 · MIT-0
linux ⚠ suspicious
151
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install win-bridge-control
Description
Bridge: Cross-OS UI automation for Windows Host
Usage Guidance
What to consider before installing: - This skill instructs the agent to run Windows cmd.exe from WSL and to call npx to fetch and run the package @midscene/computer@1 on the Windows host. That means it will download and execute code on your Windows machine at runtime — treat that like installing software from an untrusted source. - The SKILL.md asks the agent to ‘sanitize’ prompts by removing a few characters, but the blacklist is incomplete. Malicious or malformed input could still trigger arbitrary commands on the host. - There is an explicit mismatch: the skill declares 'node' as a required binary on the Linux side but the runtime command uses a Windows npx path. Ask the author why a Linux node is required or whether the template is accurate. - If you consider using this skill: require the package author to provide provenance (repository, homepage, signed release, checksum), avoid runtime npx of unpinned packages, and prefer a vetted binary or an explicit install step you control. Limit autonomous invocation (require explicit user confirmation), test in an isolated disposable WSL/Windows environment, and audit the @midscene/computer package source before granting access. - If you cannot verify the remote package and the author’s intent, treat the skill as high-risk and avoid installing it on productive machines.
Capability Analysis
Type: OpenClaw Skill Name: win-bridge-control Version: 1.0.1 The skill facilitates cross-OS command execution by allowing a WSL2-based agent to run commands on the Windows host via '/mnt/c/Windows/System32/cmd.exe'. While it uses a legitimate UI automation library (@midscene/computer) and includes instructions in SKILL.md for the agent to sanitize inputs against shell injection, the bridge between the Linux environment and the Windows host shell is inherently high-risk and could be leveraged for unauthorized host access if the agent's sanitization logic is bypassed.
Capability Assessment
Purpose & Capability
The skill claims to operate from a Linux (WSL2) environment to control the Windows host and therefore needing /mnt/c/Windows/System32/cmd.exe is coherent. However, the SKILL metadata also lists 'node' as a required binary on the Linux side while the runtime template explicitly invokes the Windows-side npx (C:\PROGRA~1\nodejs\npx.cmd). Requiring a Linux 'node' binary appears unnecessary or inconsistent with the provided command template.
Instruction Scope
Instructions tell the agent to invoke the Windows cmd.exe to run a Windows npx command that pulls and runs @midscene/computer@1 with a user-provided prompt. The document prescribes sanitizing action_prompt by removing a small set of characters (;,&,|,$,>), but this list is incomplete (fails to address quotes, backticks, percent expansion, carets, newlines, Windows-specific escapes, etc.). Because the agent is instructed to execute commands on the Windows host, insufficient sanitization and reliance on a short blacklist meaningfully increases the risk of command injection or unintended host actions.
Install Mechanism
There is no install spec, but the runtime template uses npx to fetch and execute @midscene/computer@1 at runtime. That means arbitrary code will be downloaded from the npm registry (or whatever registry npx uses) and executed on the Windows host. The skill provides no provenance, checksum, or pinned release; dynamic npx execution of an unvetted package is high-risk and effectively functions as a runtime install of unreviewed code.
Credentials
The skill requests no environment variables or credentials, which is consistent with a UI-automation bridge. However, it implicitly requires access to the Windows host filesystem and command execution (/mnt/c/Windows/System32/cmd.exe). The absence of any declared Windows-side configuration or provenance for the remote package (and the unnecessary Linux 'node' requirement) is noteworthy but not strictly contradictory.
Persistence & Privilege
The skill is not marked 'always', but it allows normal autonomous invocation. Autonomous invocation combined with the ability to run arbitrary Windows commands and to npx-install and execute remote packages increases the potential blast radius. Autonomous invocation alone is normal, but here it amplifies the risk because runtime behavior includes remote code execution on the host.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install win-bridge-control
  3. After installation, invoke the skill by name or use /win-bridge-control
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Removed main.py, indicating the removal of core executable code. - Documentation updated: SKILL.md rewritten with new instructions, improved security protocols, and detailed parameter handling in both English and Chinese. - Now clearly outlines required dependencies, safe execution practices, and error troubleshooting steps for bridging automation from WSL2 to the Windows host. - Updated example scenarios and instructions for safe, compliant, and robust Windows UI automation via command and Node.js tools.
v1.0.0
Initial release of Windows Bridge Control skill. - Enables OpenClaw (in WSL2) to perform UI automation on Windows Host using Midscene. - Resolves path issues and segmentation faults by bridging automation through cmd.exe. - Supports natural language prompts to control UI actions on Windows-native applications (e.g., SoftMax Pro 7.4). - Includes example usage and required prompt parameter.
Metadata
Slug win-bridge-control
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Windows Host UI Bridge?

Bridge: Cross-OS UI automation for Windows Host. It is an AI Agent Skill for Claude Code / OpenClaw, with 151 downloads so far.

How do I install Windows Host UI Bridge?

Run "/install win-bridge-control" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Windows Host UI Bridge free?

Yes, Windows Host UI Bridge is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Windows Host UI Bridge support?

Windows Host UI Bridge is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux).

Who created Windows Host UI Bridge?

It is built and maintained by Minhao Wang (@2059247714); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments