← Back to Skills Marketplace

Win Control

Name: Win Control
Author: scottzhouzhou

by ScottZhouZhou · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install win-control

Description

Control Windows mouse clicks and keyboard inputs via PowerShell scripts, supporting text, shortcuts, and customizable click actions.

Usage Guidance

This skill appears to do what it says (automate Windows input) but the package contains only documentation and no PowerShell scripts; installing it as-is will require you (or the agent) to obtain the referenced .ps1 files from elsewhere. Before using or allowing autonomous invocation: 1) do not run scripts you haven't inspected — request the actual .ps1 files and review their contents for network calls, credentials access, or commands that perform I/O or spawn other processes; 2) be cautious with examples that use -ExecutionPolicy Bypass and absolute paths (these can run arbitrary code and may target user home directories); 3) test in an isolated VM or non-production account first; 4) if you only need to send messages to a service like DingTalk, prefer an API-based integration (which will require explicit credentials) rather than UI automation; and 5) if you want to proceed, ask the publisher to provide the scripts (or a trusted install mechanism) and ensure the skill package includes them so behavior is auditable.

Capability Analysis

Type: OpenClaw Skill Name: win-control Version: 1.0.0 The bundle provides high-risk Robotic Process Automation (RPA) capabilities, including mouse/keyboard control and DingTalk messaging automation via PowerShell scripts. These capabilities are inherently risky as they allow an AI agent to perform arbitrary UI actions. The actual source code for the scripts (e.g., rpa-dingtalk-smart.ps1, mouse-click.ps1) is missing, preventing verification of input sanitization for parameters like -Message or -Text, which could be vulnerable to injection. Additionally, the documentation contains hardcoded local paths (C:\Users\xl\...) and utilizes -ExecutionPolicy Bypass, indicating poor security hygiene or potential for unauthorized execution.

Capability Assessment

⚠ Purpose & Capability

The skill's name/description say it controls mouse and keyboard via PowerShell scripts, which matches the commands in SKILL.md. However, the bundle contains no scripts or install step; all commands reference scripts under skills/win-control/scripts/*.ps1 (and an absolute example path under a user's .openclaw workspace). Requiring external scripts that are not packaged or installed is an incoherence: either the skill expects files to already exist on the host or the distributor omitted them.

ℹ Instruction Scope

SKILL.md instructs running PowerShell with -ExecutionPolicy Bypass to execute scripts that simulate mouse/keyboard and an RPA script to interact with DingTalk. That behavior is consistent with the stated purpose, but these commands will operate on the active window, send keystrokes, and can send messages to contacts (rpa-dingtalk-smart.ps1). Running arbitrary PowerShell (ExecutionPolicy Bypass) is powerful — expected for this task but high-risk if the underlying scripts are unreviewed or come from an untrusted source.

ℹ Install Mechanism

There is no install spec (instruction-only), which minimizes automated install risk. However, because no scripts are shipped, the skill as-distributed cannot function without external script files; this missing-install mismatch is a concern for coherence (it increases the chance a user or agent will fetch/execute scripts from other locations).

✓ Credentials

The skill does not request environment variables, credentials, or config paths. That is proportionate to its described functionality (local automation) — there are no unexplained secret requests in the metadata or instructions.

✓ Persistence & Privilege

always is false and there is no install step that modifies other skills or global agent settings. The skill uses commands that the agent may invoke (default autonomous invocation allowed), which is normal. Note: the use of PowerShell with ExecutionPolicy Bypass can elevate the risk of local script execution if combined with external or unreviewed code.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install win-control
After installation, invoke the skill by name or use /win-control
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of win-control. - Allows control of Windows mouse and keyboard via PowerShell scripts. - Supports mouse clicks at specified screen coordinates. - Enables sending text and keyboard shortcuts (e.g., CTRL+C, ALT+TAB). - Lists supported shortcut keys (function keys, navigation, etc.). - Includes safety warnings for use in test environments.

Metadata

Slug win-control

Version 1.0.0

License MIT-0

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is Win Control?

Control Windows mouse clicks and keyboard inputs via PowerShell scripts, supporting text, shortcuts, and customizable click actions. It is an AI Agent Skill for Claude Code / OpenClaw, with 93 downloads so far.

How do I install Win Control?

Run "/install win-control" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Win Control free?

Yes, Win Control is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Win Control support?

Win Control is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Win Control?

It is built and maintained by ScottZhouZhou (@scottzhouzhou); the current version is v1.0.0.

More Skills