← 返回 Skills 市场
Windows Host UI Bridge
作者
Minhao Wang
· GitHub ↗
· v1.0.1
· MIT-0
151
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install win-bridge-control
功能描述
Bridge: Cross-OS UI automation for Windows Host
安全使用建议
What to consider before installing:
- This skill instructs the agent to run Windows cmd.exe from WSL and to call npx to fetch and run the package @midscene/computer@1 on the Windows host. That means it will download and execute code on your Windows machine at runtime — treat that like installing software from an untrusted source.
- The SKILL.md asks the agent to ‘sanitize’ prompts by removing a few characters, but the blacklist is incomplete. Malicious or malformed input could still trigger arbitrary commands on the host.
- There is an explicit mismatch: the skill declares 'node' as a required binary on the Linux side but the runtime command uses a Windows npx path. Ask the author why a Linux node is required or whether the template is accurate.
- If you consider using this skill: require the package author to provide provenance (repository, homepage, signed release, checksum), avoid runtime npx of unpinned packages, and prefer a vetted binary or an explicit install step you control. Limit autonomous invocation (require explicit user confirmation), test in an isolated disposable WSL/Windows environment, and audit the @midscene/computer package source before granting access.
- If you cannot verify the remote package and the author’s intent, treat the skill as high-risk and avoid installing it on productive machines.
功能分析
Type: OpenClaw Skill
Name: win-bridge-control
Version: 1.0.1
The skill facilitates cross-OS command execution by allowing a WSL2-based agent to run commands on the Windows host via '/mnt/c/Windows/System32/cmd.exe'. While it uses a legitimate UI automation library (@midscene/computer) and includes instructions in SKILL.md for the agent to sanitize inputs against shell injection, the bridge between the Linux environment and the Windows host shell is inherently high-risk and could be leveraged for unauthorized host access if the agent's sanitization logic is bypassed.
能力评估
Purpose & Capability
The skill claims to operate from a Linux (WSL2) environment to control the Windows host and therefore needing /mnt/c/Windows/System32/cmd.exe is coherent. However, the SKILL metadata also lists 'node' as a required binary on the Linux side while the runtime template explicitly invokes the Windows-side npx (C:\PROGRA~1\nodejs\npx.cmd). Requiring a Linux 'node' binary appears unnecessary or inconsistent with the provided command template.
Instruction Scope
Instructions tell the agent to invoke the Windows cmd.exe to run a Windows npx command that pulls and runs @midscene/computer@1 with a user-provided prompt. The document prescribes sanitizing action_prompt by removing a small set of characters (;,&,|,$,>), but this list is incomplete (fails to address quotes, backticks, percent expansion, carets, newlines, Windows-specific escapes, etc.). Because the agent is instructed to execute commands on the Windows host, insufficient sanitization and reliance on a short blacklist meaningfully increases the risk of command injection or unintended host actions.
Install Mechanism
There is no install spec, but the runtime template uses npx to fetch and execute @midscene/computer@1 at runtime. That means arbitrary code will be downloaded from the npm registry (or whatever registry npx uses) and executed on the Windows host. The skill provides no provenance, checksum, or pinned release; dynamic npx execution of an unvetted package is high-risk and effectively functions as a runtime install of unreviewed code.
Credentials
The skill requests no environment variables or credentials, which is consistent with a UI-automation bridge. However, it implicitly requires access to the Windows host filesystem and command execution (/mnt/c/Windows/System32/cmd.exe). The absence of any declared Windows-side configuration or provenance for the remote package (and the unnecessary Linux 'node' requirement) is noteworthy but not strictly contradictory.
Persistence & Privilege
The skill is not marked 'always', but it allows normal autonomous invocation. Autonomous invocation combined with the ability to run arbitrary Windows commands and to npx-install and execute remote packages increases the potential blast radius. Autonomous invocation alone is normal, but here it amplifies the risk because runtime behavior includes remote code execution on the host.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install win-bridge-control - 安装完成后,直接呼叫该 Skill 的名称或使用
/win-bridge-control触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Removed main.py, indicating the removal of core executable code.
- Documentation updated: SKILL.md rewritten with new instructions, improved security protocols, and detailed parameter handling in both English and Chinese.
- Now clearly outlines required dependencies, safe execution practices, and error troubleshooting steps for bridging automation from WSL2 to the Windows host.
- Updated example scenarios and instructions for safe, compliant, and robust Windows UI automation via command and Node.js tools.
v1.0.0
Initial release of Windows Bridge Control skill.
- Enables OpenClaw (in WSL2) to perform UI automation on Windows Host using Midscene.
- Resolves path issues and segmentation faults by bridging automation through cmd.exe.
- Supports natural language prompts to control UI actions on Windows-native applications (e.g., SoftMax Pro 7.4).
- Includes example usage and required prompt parameter.
元数据
常见问题
Windows Host UI Bridge 是什么?
Bridge: Cross-OS UI automation for Windows Host. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 151 次。
如何安装 Windows Host UI Bridge?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install win-bridge-control」即可一键安装,无需额外配置。
Windows Host UI Bridge 是免费的吗?
是的,Windows Host UI Bridge 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Windows Host UI Bridge 支持哪些平台?
Windows Host UI Bridge 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux)。
谁开发了 Windows Host UI Bridge?
由 Minhao Wang(@2059247714)开发并维护,当前版本 v1.0.1。
推荐 Skills